packages:
  - module: github.com/containers/buildah
    symbols:
      - setupCapAdd
      - setupCapDrop
    versions:
      - fixed: 1.25.0
    vulnerable_at: 1.24.0
  - module: github.com/containers/buildah
    package: github.com/containers/buildah/chroot
    symbols:
      - setCapabilities
    versions:
      - fixed: 1.25.0
    vulnerable_at: 1.24.0
description: |
  Containers are created with non-empty inheritable Linux process
  capabilities, permitting programs with inheritable file capabilities
  to elevate those capabilities to the permitted set during execve(2).
  This bug does not affect the container security sandbox, as the
  inheritable set never contains more capabilities than are included
  in the container's bounding set.
cves:
  - CVE-2022-27651
ghsas:
  - GHSA-c3g4-w6cv-6v7h
links:
  commit: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b
  context:
    - https://bugzilla.redhat.com/show_bug.cgi?id=2066840
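The description above rests on the capability transformation that the kernel applies at execve(2). The following Go program is an added example, not part of this report and not buildah code: it models the rules from capabilities(7) for a non-root caller (the UID 0 and securebits special cases are deliberately left out), then runs a constructed scenario in which a container is started with its inheritable set either equal to its bounding set (the behaviour fixed in 1.25.0) or empty (the fix), drops to an unprivileged user, and executes a constructed binary whose file inheritable set names CAP_NET_RAW and CAP_SYS_ADMIN. The capability numbers, the `allowed` set and the file capabilities are assumptions chosen for the demonstration; the `ContainerCaps`, `DropToUnprivileged`, `Execve` and `EscapesBounding` helpers are hypothetical names defined here, not runtime APIs.

```go
package main

import (
	"fmt"
	"strings"
)

// CapSet is a bitmask over Linux capability numbers (bit n set = CAP_n held).
type CapSet uint64

// A handful of capability numbers as defined in <linux/capability.h>.
const (
	CapChown      CapSet = 1 << 0
	CapNetBindSvc CapSet = 1 << 10
	CapNetRaw     CapSet = 1 << 13
	CapSysAdmin   CapSet = 1 << 21
)

var capNames = map[CapSet]string{
	CapChown: "CAP_CHOWN", CapNetBindSvc: "CAP_NET_BIND_SERVICE",
	CapNetRaw: "CAP_NET_RAW", CapSysAdmin: "CAP_SYS_ADMIN",
}

// String renders the named bits of a set for the demo output.
func (s CapSet) String() string {
	if s == 0 {
		return "(none)"
	}
	var names []string
	for _, c := range []CapSet{CapChown, CapNetBindSvc, CapNetRaw, CapSysAdmin} {
		if s&c != 0 {
			names = append(names, capNames[c])
		}
	}
	return strings.Join(names, ",")
}

// ProcCaps are the capability sets of the thread that calls execve(2).
type ProcCaps struct {
	Effective, Permitted, Inheritable, Bounding, Ambient CapSet
}

// FileCaps models the security.capability xattr of an executable; a nil
// *FileCaps means the file carries no capabilities at all.
type FileCaps struct {
	Permitted, Inheritable CapSet
	Effective              bool
}

// ContainerCaps builds the initial process sets the way a runtime does
// (assumption for the demo): bounding, permitted and effective are the
// allowed set; inheritable is the allowed set for the buggy behaviour
// (buildah < 1.25.0) and empty for the fixed one.
func ContainerCaps(allowed CapSet, inheritable bool) ProcCaps {
	p := ProcCaps{Effective: allowed, Permitted: allowed, Bounding: allowed}
	if inheritable {
		p.Inheritable = allowed
	}
	return p
}

// DropToUnprivileged models a UID change from 0 to non-0 without
// SECBIT_KEEP_CAPS: permitted, effective and ambient are cleared, while
// the inheritable and bounding sets survive (capabilities(7)).
func DropToUnprivileged(p ProcCaps) ProcCaps {
	return ProcCaps{Inheritable: p.Inheritable, Bounding: p.Bounding}
}

// Execve applies the execve(2) transformation rules from capabilities(7)
// for a caller whose UID is not 0:
//
//	P'(ambient)     = file privileged ? 0 : P(ambient)
//	P'(permitted)   = (P(inheritable) & F(inheritable)) |
//	                  (F(permitted) & P(bounding)) | P'(ambient)
//	P'(effective)   = F(effective) ? P'(permitted) : P'(ambient)
//	P'(inheritable) = P(inheritable)
//	P'(bounding)    = P(bounding)
func Execve(p ProcCaps, f *FileCaps) ProcCaps {
	n := ProcCaps{Inheritable: p.Inheritable, Bounding: p.Bounding}
	if f == nil {
		// No file capabilities: only the ambient set carries over.
		n.Ambient = p.Ambient
		n.Permitted = p.Ambient
		n.Effective = p.Ambient
		return n
	}
	// A file with capabilities is "privileged", so ambient is cleared.
	n.Permitted = (p.Inheritable & f.Inheritable) | (f.Permitted & p.Bounding)
	if f.Effective {
		n.Effective = n.Permitted
	}
	return n
}

// EscapesBounding reports whether the post-exec permitted or effective
// set exceeds the bounding set, which is what would break the sandbox.
func EscapesBounding(p ProcCaps) bool {
	return p.Permitted&^p.Bounding != 0 || p.Effective&^p.Bounding != 0
}

func main() {
	allowed := CapChown | CapNetBindSvc | CapNetRaw // constructed container cap set
	// Constructed binary: inheritable file caps only, no permitted file caps.
	file := &FileCaps{Inheritable: CapNetRaw | CapSysAdmin, Effective: true}
	for _, buggy := range []bool{true, false} {
		before := DropToUnprivileged(ContainerCaps(allowed, buggy))
		after := Execve(before, file)
		fmt.Printf("inheritable=%-40s -> permitted=%-12s escapes bounding=%v\n",
			before.Inheritable, after.Permitted, EscapesBounding(after))
	}
}
```

With the inheritable set populated, the unprivileged process ends up with CAP_NET_RAW in its permitted and effective sets purely because the binary's file inheritable set intersected the process inheritable set; with the inheritable set empty, nothing is gained. CAP_SYS_ADMIN is never obtained in either case because it was not in the inheritable set, and `EscapesBounding` stays false, which is the point the description makes about the bounding set: the defect widens what a file-capability binary can obtain inside the container, not what the container itself is allowed.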