csaf_suse - suse-su-2022:3321-1

Vulnerability from csaf_suse

Published

2022-09-20 15:19

Modified

2022-09-20 15:19

Summary

Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container

Notes

Title of the patch

Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container

Description of the patch

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: Security issues fixed: - CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516) Security issues fixed in vendored dependencies: - CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528) - CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460) Other fixes: - Pack nft rules and nsswitch.conf for virt-handler - Only create 1MiB-aligned disk images (bsc#1199603) - Avoid to return nil failure message - Use semantic equality comparison - Allow to configure utility containers for update test - Install nftables to manage network rules - Install tar to allow kubectl cp ... - Symlink nsswitch.conf and nft rules to proper locations - Enable USB redirection support for QEMU - Install vim-small instread of vim - Drop libvirt-daemon-driver-storage-core - Install ethtool and gawk (bsc#1199392) - Use non-versioned appliance to avoid redundant rpm query - Explicitly state the dependency on kubevirt main package

Patchnames

SUSE-2022-3321,SUSE-SLE-Module-Containers-15-SP3-2022-3321,openSUSE-SLE-15.3-2022-3321

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)\n\nSecurity issues fixed in vendored dependencies:\n\n- CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528)\n- CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)\n\nOther fixes:\n\n- Pack nft rules and nsswitch.conf for virt-handler\n- Only create 1MiB-aligned disk images (bsc#1199603)\n- Avoid to return nil failure message\n- Use semantic equality comparison\n- Allow to configure utility containers for update test\n- Install nftables to manage network rules\n- Install tar to allow kubectl cp ...\n- Symlink nsswitch.conf and nft rules to proper locations\n- Enable USB redirection support for QEMU\n- Install vim-small instread of vim\n- Drop libvirt-daemon-driver-storage-core\n- Install ethtool and gawk (bsc#1199392)\n- Use non-versioned appliance to avoid redundant rpm query\n- Explicitly state the dependency on kubevirt main package\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2022-3321,SUSE-SLE-Module-Containers-15-SP3-2022-3321,openSUSE-SLE-15.3-2022-3321",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3321-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2022:3321-1",
            url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223321-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2022:3321-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012297.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1199392",
            url: "https://bugzilla.suse.com/1199392",
         },
         {
            category: "self",
            summary: "SUSE Bug 1199460",
            url: "https://bugzilla.suse.com/1199460",
         },
         {
            category: "self",
            summary: "SUSE Bug 1199603",
            url: "https://bugzilla.suse.com/1199603",
         },
         {
            category: "self",
            summary: "SUSE Bug 1200528",
            url: "https://bugzilla.suse.com/1200528",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202516",
            url: "https://bugzilla.suse.com/1202516",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-1798 page",
            url: "https://www.suse.com/security/cve/CVE-2022-1798/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-1996 page",
            url: "https://www.suse.com/security/cve/CVE-2022-1996/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-29162 page",
            url: "https://www.suse.com/security/cve/CVE-2022-29162/",
         },
      ],
      title: "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container",
      tracking: {
         current_release_date: "2022-09-20T15:19:24Z",
         generator: {
            date: "2022-09-20T15:19:24Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2022:3321-1",
         initial_release_date: "2022-09-20T15:19:24Z",
         revision_history: [
            {
               date: "2022-09-20T15:19:24Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                           product_id: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
                        product: {
                           name: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
                           product_id: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Containers 15 SP3",
                        product: {
                           name: "SUSE Linux Enterprise Module for Containers 15 SP3",
                           product_id: "SUSE Linux Enterprise Module for Containers 15 SP3",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-containers:15:sp3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.3",
                        product: {
                           name: "openSUSE Leap 15.3",
                           product_id: "openSUSE Leap 15.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.3",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
               product_id: "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
            },
            product_reference: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.3",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2022-1798",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-1798",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-1798",
               url: "https://www.suse.com/security/cve/CVE-2022-1798",
            },
            {
               category: "external",
               summary: "SUSE Bug 1202516 for CVE-2022-1798",
               url: "https://bugzilla.suse.com/1202516",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-09-20T15:19:24Z",
               details: "important",
            },
         ],
         title: "CVE-2022-1798",
      },
      {
         cve: "CVE-2022-1996",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-1996",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-1996",
               url: "https://www.suse.com/security/cve/CVE-2022-1996",
            },
            {
               category: "external",
               summary: "SUSE Bug 1200528 for CVE-2022-1996",
               url: "https://bugzilla.suse.com/1200528",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 9.1,
                  baseSeverity: "CRITICAL",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-09-20T15:19:24Z",
               details: "critical",
            },
         ],
         title: "CVE-2022-1996",
      },
      {
         cve: "CVE-2022-29162",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-29162",
            },
         ],
         notes: [
            {
               category: "general",
               text: "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
               "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-29162",
               url: "https://www.suse.com/security/cve/CVE-2022-29162",
            },
            {
               category: "external",
               summary: "SUSE Bug 1199460 for CVE-2022-29162",
               url: "https://bugzilla.suse.com/1199460",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 4,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
                  "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-09-20T15:19:24Z",
               details: "low",
            },
         ],
         title: "CVE-2022-29162",
      },
   ],
}

cve-2022-1798

Vulnerability from cvelistv5

Published

2022-09-15 15:45

Modified

2025-04-21 13:49

Severity ?

8.7 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H

Summary

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

References

▼	URL	Tags
	https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Google LLC	Kubevirt	Version: unspecified < 0.55.1 Version: unspecified < 0.56.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:17:00.704Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-1798",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-21T13:39:15.451210Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-21T13:49:58.573Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               platforms: [
                  "all",
               ],
               product: "Kubevirt",
               vendor: "Google LLC",
               versions: [
                  {
                     lessThan: "0.55.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "0.56.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Oliver Brooks and James Klopchic of NCC Group",
            },
            {
               lang: "en",
               value: "Diane Dubois and Roman Mohr of Google",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-15T15:45:12.000Z",
            orgId: "14ed7db2-1595-443d-9d34-6215bf890778",
            shortName: "Google",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Path Traversal vulnerability in Kubevirt",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@google.com",
               ID: "CVE-2022-1798",
               STATE: "PUBLIC",
               TITLE: "Path Traversal vulnerability in Kubevirt",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Kubevirt",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "all",
                                          version_affected: "<",
                                          version_value: "0.55.1",
                                       },
                                       {
                                          platform: "all",
                                          version_affected: "<",
                                          version_value: "0.56.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Google LLC",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Oliver Brooks and James Klopchic of NCC Group",
               },
               {
                  lang: "eng",
                  value: "Diane Dubois and Roman Mohr of Google",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20 Improper Input Validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
                     refsource: "CONFIRM",
                     url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
                  },
               ],
            },
            source: {
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778",
      assignerShortName: "Google",
      cveId: "CVE-2022-1798",
      datePublished: "2022-09-15T15:45:12.000Z",
      dateReserved: "2022-05-19T00:00:00.000Z",
      dateUpdated: "2025-04-21T13:49:58.573Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-1996

Vulnerability from cvelistv5

Published

2022-06-06 00:00

Modified

2024-08-03 00:24

Severity ?

9.3 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Summary

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

References

▼	URL	Tags
	https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1
	https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220923-0005/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/	vendor-advisory

Impacted products

	Vendor	Product	Version
	emicklei	emicklei/go-restful	Version: unspecified < v3.8.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T00:24:43.677Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
               },
               {
                  name: "FEDORA-2022-185697ef56",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/",
               },
               {
                  name: "FEDORA-2022-589a0ad690",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/",
               },
               {
                  name: "FEDORA-2022-fae3ecee19",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/",
               },
               {
                  name: "FEDORA-2022-ba365d3703",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/",
               },
               {
                  name: "FEDORA-2022-30c5ed5625",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220923-0005/",
               },
               {
                  name: "FEDORA-2023-6550d9323b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/",
               },
               {
                  name: "FEDORA-2023-4e2068ba5d",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/",
               },
               {
                  name: "FEDORA-2023-c9b2182a4e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "emicklei/go-restful",
               vendor: "emicklei",
               versions: [
                  {
                     lessThan: "v3.8.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-639",
                     description: "CWE-639 Authorization Bypass Through User-Controlled Key",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-23T00:00:00",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               url: "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1",
            },
            {
               url: "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10",
            },
            {
               name: "FEDORA-2022-185697ef56",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/",
            },
            {
               name: "FEDORA-2022-589a0ad690",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/",
            },
            {
               name: "FEDORA-2022-fae3ecee19",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/",
            },
            {
               name: "FEDORA-2022-ba365d3703",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/",
            },
            {
               name: "FEDORA-2022-30c5ed5625",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220923-0005/",
            },
            {
               name: "FEDORA-2023-6550d9323b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/",
            },
            {
               name: "FEDORA-2023-4e2068ba5d",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/",
            },
            {
               name: "FEDORA-2023-c9b2182a4e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/",
            },
         ],
         source: {
            advisory: "be837427-415c-4d8c-808b-62ce20aa84f1",
            discovery: "EXTERNAL",
         },
         title: "Authorization Bypass Through User-Controlled Key in emicklei/go-restful",
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-1996",
      datePublished: "2022-06-06T00:00:00",
      dateReserved: "2022-06-06T00:00:00",
      dateUpdated: "2024-08-03T00:24:43.677Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-29162

Vulnerability from cvelistv5

Published

2022-05-17 00:00

Modified

2025-04-23 18:25

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.

References

▼	URL	Tags
	https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
	https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
	https://github.com/opencontainers/runc/releases/tag/v1.1.2
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html	mailing-list

Impacted products

	Vendor	Product	Version
	opencontainers	runc	Version: < 1.1.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T06:10:59.359Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/releases/tag/v1.1.2",
               },
               {
                  name: "FEDORA-2022-91b747a0d7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/",
               },
               {
                  name: "FEDORA-2022-e980dc71b1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/",
               },
               {
                  name: "FEDORA-2022-d1f55f8fd0",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/",
               },
               {
                  name: "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-29162",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-23T14:07:31.141979Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-23T18:25:42.249Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "runc",
               vendor: "opencontainers",
               versions: [
                  {
                     status: "affected",
                     version: "< 1.1.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-276",
                     description: "CWE-276: Incorrect Default Permissions",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-27T00:00:00.000Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               url: "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66",
            },
            {
               url: "https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5",
            },
            {
               url: "https://github.com/opencontainers/runc/releases/tag/v1.1.2",
            },
            {
               name: "FEDORA-2022-91b747a0d7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/",
            },
            {
               name: "FEDORA-2022-e980dc71b1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/",
            },
            {
               name: "FEDORA-2022-d1f55f8fd0",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/",
            },
            {
               name: "[debian-lts-announce] 20230327 [SECURITY] [DLA 3369-1] runc security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html",
            },
         ],
         source: {
            advisory: "GHSA-f3fp-gc8g-vw66",
            discovery: "UNKNOWN",
         },
         title: "Incorrect Default Permissions in runc",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2022-29162",
      datePublished: "2022-05-17T00:00:00.000Z",
      dateReserved: "2022-04-13T00:00:00.000Z",
      dateUpdated: "2025-04-23T18:25:42.249Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

cve-2022-1798

Vulnerability from cvelistv5

cve-2022-1996

Vulnerability from cvelistv5

cve-2022-29162

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature