Vulnerability Name:

CVE-2022-27651 (CCN-223423)

Assigned:2022-03-30
Published:2022-03-30
Updated:2022-09-03
Summary:A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
CVSS v3 Severity:6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
4.8 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
4.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-276
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2022-27651

Source: CCN
Type: Red Hat Bugzilla - Bug 2066840
(CVE-2022-27651) - CVE-2022-27651 buildah: Default inheritable capabilities for linux container should be empty

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2066840

Source: XF
Type: UNKNOWN
buildah-cve202227651-priv-esc(223423)

Source: CCN
Type: buildah GIT Repository
do not set the inheritable capabilities

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b

Source: MISC
Type: Third Party Advisory
https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-1a15fe81f0

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-224a93852c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-e6388650ea

Vulnerable Configuration:Configuration 1:
  • cpe:/a:buildah_project:buildah:*:*:*:*:*:*:*:* (Version < 1.25.0)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7846
    P
    		buildah-1.29.1-150500.1.13 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:679
    P
    		Security update for buildah (Moderate)
    2022-08-05
    oval:org.opensuse.security:def:3671
    P
    		Security update for buildah (Moderate)
    2022-08-05
    oval:org.opensuse.security:def:95301
    P
    		Security update for buildah (Moderate)
    2022-08-05
    oval:com.redhat.rhsa:def:20221762
    P
    		RHSA-2022:1762: container-tools:rhel8 security, bug fix, and enhancement update (Important)
    2022-05-10
    oval:org.opensuse.security:def:991
    P
    		Security update for buildah (Moderate)
    2022-04-27
    oval:org.opensuse.security:def:101683
    P
    		Security update for buildah (Moderate)
    2022-04-27
    oval:com.redhat.rhsa:def:20221565
    P
    		RHSA-2022:1565: container-tools:3.0 security and bug fix update (Moderate)
    2022-04-26
    oval:com.redhat.rhsa:def:20221566
    P
    		RHSA-2022:1566: container-tools:2.0 security update (Moderate)
    2022-04-26
    BACK
    buildah_project buildah *
    fedoraproject fedora 34
    fedoraproject fedora 35
    fedoraproject fedora 36
    redhat enterprise linux 7.0
    redhat enterprise linux 8.0