Vulnerability Name:

CVE-2022-23648 (CCN-220823)

Assigned: 2022-03-02
Published: 2022-03-02
Updated: 2023-07-11
Summary:
CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): None
  • Availability (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): None
  • Availability (A): None

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): None
  • Availability (A): None

Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2022-23648

Source: security-advisories@github.com
Type: Exploit, Third Party Advisory, VDB Entry
security-advisories@github.com

Source: XF
Type: UNKNOWN
containerd-cve202223648-info-disc(220823)

Source: security-advisories@github.com
Type: Patch, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Patch, Release Notes, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Patch, Release Notes, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Patch, Release Notes, Third Party Advisory
security-advisories@github.com

Source: CCN
Type: containerd GIT Repository
containerd CRI plugin: Insecure handling of image volumes

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Issue Tracking, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Issue Tracking, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Issue Tracking, Third Party Advisory
security-advisories@github.com

Source: CCN
Type: Packet Storm Security [03-24-2022]
containerd Image Volume Insecure Handling

Source: CCN
Type: oss-sec Mailing List, Wed, 2 Mar 2022 19:17:44 +0000
CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: CCN
Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6830587 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6991633 (Edge Application Manager)
Open Source Dependency Vulnerability

Source: CCN
Type: IBM Security Bulletin 6999559 (Edge Application Manager)
IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities

Vulnerable Configuration:

Configuration CCN 1:
  • cpe:/a:linuxfoundation:containerd:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:containerd:1.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:containerd:1.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:linuxfoundation:containerd:1.6.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7850 | P | containerd-1.6.19-150000.87.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:3242 | P | libpython3_4m1_0-3.4.6-25.29.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3668 | P | librelp0-1.2.12-3.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94872 | P | containerd-1.4.12-150000.65.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:406 | P | Security update for trivy (Moderate) | 2022-06-21
oval:org.opensuse.security:def:42184 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:118897 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:94237 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:42385 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:1514 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:93296 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:119204 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:93608 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:482 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:95298 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:94025 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:42286 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:992 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:119394 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:94446 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:93136 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:118707 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:93454 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:119579 | P | Security update for containerd, docker (Important) | 2022-05-16
oval:org.opensuse.security:def:93811 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:102092 | P | Security update for containerd, docker (Important) (in QA) | 2022-04-29
oval:org.opensuse.security:def:101685 | P | Security update for containerd, docker (Important) (in QA) | 2022-04-29
oval:org.opensuse.security:def:42431 | P | Security update for containerd (Moderate) | 2022-04-19
oval:org.opensuse.security:def:93165 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:101690 | P | Security update for containerd (Moderate) | 2022-03-04
oval:org.opensuse.security:def:99217 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:93483 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:100424 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:93845 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:42206 | P | Security update for containerd (Moderate) | 2022-03-04
oval:org.opensuse.security:def:99491 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:94271 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:100758 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:93323 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:99753 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:93634 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:94057 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:42349 | P | Security update for containerd (Moderate) | 2022-03-04
oval:org.opensuse.security:def:999 | P | Security update for containerd (Moderate) | 2022-03-04
oval:org.opensuse.security:def:100086 | P | (Moderate) | 2022-03-04
oval:org.opensuse.security:def:94478 | P | (Moderate) | 2022-03-04
    linuxfoundation containerd 1.5.0 -
    linuxfoundation containerd 1.4.12
    linuxfoundation containerd 1.5.9
    linuxfoundation containerd 1.6.0 -
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm robotic process automation for cloud pak 21.0.3