Candidate: CVE-2022-27651
PublicDate: 2022-04-04 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27651
 https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1)
 https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
 https://bugzilla.redhat.com/show_bug.cgi?id=2066840
 https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h
Description:
 A flaw was found in buildah where containers were incorrectly started with
 non-empty default permissions. A bug was found in Moby (Docker Engine)
 where containers were incorrectly started with non-empty inheritable Linux
 process capabilities, enabling an attacker with access to programs with
 inheritable file capabilities to elevate those capabilities to the
 permitted set when execve(2) runs. This has the potential to impact
 confidentiality and integrity.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N [6.8 MEDIUM]


Patches_golang-github-containers-buildah:
upstream_golang-github-containers-buildah: needs-triage
trusty_golang-github-containers-buildah: ignored (out of standard support)
xenial_golang-github-containers-buildah: ignored (out of standard support)
impish_golang-github-containers-buildah: needs-triage
jammy_golang-github-containers-buildah: needs-triage
devel_golang-github-containers-buildah: needs-triage