CVE-2022-42150 - OpenCVE

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tinylab	Cloud Lab Linux Lab

Configuration 1 [-]

OR	cpe:2.3:a:tinylab:cloud_lab:0.8:rc2::::::
	cpe:2.3:a:tinylab:cloud_lab:1.1:rc1::::::
	cpe:2.3:a:tinylab:linux_lab:1.1:rc1::::::

References

Link	Resource
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements	Exploit Third Party Advisory
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json	Patch
https://github.com/tinyclub/linux-lab/issues/14	Issue Tracking
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
https://www.usenix.org/conference/usenixsecurity23/presentation/he	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-19T00:00:00

Updated: 2023-10-19T19:13:59.989557

Reserved: 2022-10-03T00:00:00

Link: CVE-2022-42150

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-19T20:15:08.710

Modified: 2023-11-07T03:53:12.300

Link: CVE-2022-42150

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "97511A97-0470-42FA-8D7A-132508A64C39", "vulnerable": true}, {"criteria": "cpe:2.3:a:tinylab:cloud_lab:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "4F4C8B86-BDC7-4766-ADEC-E7A365E832AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tinylab:linux_lab:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "170D3DC8-E719-4B58-92B0-82B5D0A219A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape."}, {"lang": "es", "value": "TinyLab linux-lab v1.1-rc1 y cloud-labv0.8-rc2, v1.1-rc1 son vulnerables a permisos inseguros. La configuraci\u00f3n predeterminada podr\u00eda provocar el escape del contenedor."}], "id": "CVE-2022-42150", "lastModified": "2023-11-07T03:53:12.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-19T20:15:08.710", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://github.com/tinyclub/linux-lab/issues/14"}, {"source": "cve@mitre.org", "url": "https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.usenix.org/conference/usenixsecurity23/presentation/he"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}