CVE-2022-27652 - OpenCVE

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openshift Container Platform
Kubernetes	Cri-o
Mobyproject	Moby
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2066839	Issue Tracking Third Party Advisory
https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6	Mitigation Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-04-18T16:20:29

Updated: 2022-04-18T16:20:29

Reserved: 2022-03-22T00:00:00

Link: CVE-2022-27652

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-18T17:15:16.977

Modified: 2022-04-27T00:22:32.947

Link: CVE-2022-27652

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "cri-o", "vendor": "n/a", "versions": [{"status": "affected", "version": "Affects all versions."}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 - Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-18T16:20:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-27652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "cri-o", "version": {"version_data": [{"version_value": "Affects all versions."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-276 - Incorrect Default Permissions"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839"}, {"name": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6", "refsource": "MISC", "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-27652", "datePublished": "2022-04-18T16:20:29", "dateReserved": "2022-03-22T00:00:00", "dateUpdated": "2022-04-18T16:20:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*", "matchCriteriaId": "A283D260-73A3-481A-9E98-4C4604020B83", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "matchCriteriaId": "251599F9-5922-4381-8D28-A663B2CEA315", "versionEndExcluding": "20.10.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs."}, {"lang": "es", "value": "Se ha encontrado un fallo en cri-o, donde los contenedores eran iniciados incorrectamente con permisos por defecto no vac\u00edos. Se ha encontrado una vulnerabilidad en Moby (Docker Engine) donde los contenedores se iniciaban incorrectamente con capacidades de proceso Linux heredables no vac\u00edas. Este fallo permite a un atacante con acceso a programas con capacidades de archivo heredables elevar esas capacidades al conjunto permitido cuando es ejecutado execve(2)"}], "id": "CVE-2022-27652", "lastModified": "2022-04-27T00:22:32.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-18T17:15:16.977", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Secondary"}]}