CVE-2022-2989

CVE-2022-2989

Name

CVE-2022-2989

Description

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2121445
MISC	https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2121445

MISC

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:podman_project:podman::::::::`	podman	== None	== None

CPE URI

Source package

Min version

Max version

cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*

podman

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
podman	3.16-community	4.1.0-r5	Michał Polański <michal@polanski.me>	possibly vulnerable
podman	3.17-community	4.3.1-r4	Michał Polański <michal@polanski.me>	fixed
podman	3.18-community	4.5.1-r6	Michał Polański <michal@polanski.me>	fixed
podman	edge-community	4.8.0-r0	Michał Polański <michal@polanski.me>	fixed

Source package

Branch

Version

Maintainer

Status

podman

3.16-community

4.1.0-r5

Michał Polański <michal@polanski.me>

possibly vulnerable

podman

3.17-community