Vulnerability Description
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Cri-O | - |
| Fedoraproject | Fedora | 35 |
| Mobyproject | Moby | < 20.10.14 |
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2066839Issue TrackingThird Party Advisory
- https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6MitigationThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2066839Issue TrackingThird Party Advisory
- https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6MitigationThird Party Advisory
FAQ
What is CVE-2022-27652?
CVE-2022-27652 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non...
How severe is CVE-2022-27652?
CVE-2022-27652 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27652?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Cri-O, Fedoraproject Fedora, Mobyproject Moby, Redhat Openshift Container Platform.