Vulnerabilities > CVE-2022-2989 - Placement of User into Incorrect Group vulnerability in multiple products

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

podman-project

redhat

CWE-842

NVD

Published: 2022-09-13

Updated: 2023-02-12

Summary

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Vulnerable Configurations

Part	Description	Count
Application	Podman_Project Podman Project Podman *	1
Application	Redhat Redhat Openshift Container Platform 3.11 Redhat Openshift Container Platform 4.0	2
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	3

Common Weakness Enumeration (CWE)

CWE-842 - Placement of User into Incorrect Group

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References