Refine your search
5 vulnerabilities found for by containers
CVE-2026-33414 (GCVE-0-2026-33414)
Vulnerability from cvelistv5
Published
2026-04-14 22:42
Modified
2026-04-16 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. Because PowerShell evaluates subexpressions inside double-quoted strings before executing the outer command, an attacker who can control the VM image path through a crafted machine name or image directory can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations this means SYSTEM-level code execution, and only Windows is affected as the code is exclusive to the HyperV backend. This issue has been patched in version 5.8.2.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | podman |
Version: >= 4.8.0, < 5.8.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T13:57:01.669490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:57:28.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "podman",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.8.0, \u003c 5.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $() subexpression injection. Because PowerShell evaluates subexpressions inside double-quoted strings before executing the outer command, an attacker who can control the VM image path through a crafted machine name or image directory can execute arbitrary PowerShell commands with the privileges of the Podman process. On typical Windows installations this means SYSTEM-level code execution, and only Windows is affected as the code is exclusive to the HyperV backend. This issue has been patched in version 5.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T22:42:19.822Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containers/podman/security/advisories/GHSA-hc8w-h2mf-hp59",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/podman/security/advisories/GHSA-hc8w-h2mf-hp59"
},
{
"name": "https://github.com/containers/podman/commit/571c842bd357ee626019ea97d030fb772fc654ed",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/podman/commit/571c842bd357ee626019ea97d030fb772fc654ed"
}
],
"source": {
"advisory": "GHSA-hc8w-h2mf-hp59",
"discovery": "UNKNOWN"
},
"title": "PowerShell Command Injection in Podman HyperV Machine"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33414",
"datePublished": "2026-04-14T22:42:19.822Z",
"dateReserved": "2026-03-19T17:02:34.171Z",
"dateUpdated": "2026-04-16T13:57:28.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35406 (GCVE-0-2026-35406)
Vulnerability from cvelistv5
Published
2026-04-07 21:32
Modified
2026-04-08 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | aardvark-dns |
Version: >= 1.16.0, < 1.17.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T16:09:52.961124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:14:33.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aardvark-dns",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.17.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T21:32:23.512Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-986j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/aardvark-dns/security/advisories/GHSA-hfpq-x728-986j"
},
{
"name": "https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1"
},
{
"name": "https://github.com/containers/aardvark-dns/releases/tag/v1.17.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/aardvark-dns/releases/tag/v1.17.1"
}
],
"source": {
"advisory": "GHSA-hfpq-x728-986j",
"discovery": "UNKNOWN"
},
"title": "Aardvark-dns has incorrect error handling for malformed tcp packets"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35406",
"datePublished": "2026-04-07T21:32:23.512Z",
"dateReserved": "2026-04-02T17:03:42.075Z",
"dateUpdated": "2026-04-08T16:14:33.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30892 (GCVE-0-2026-30892)
Vulnerability from cvelistv5
Published
2026-03-25 23:57
Modified
2026-03-26 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | crun |
Version: >= 1.19, < 1.27 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-30892",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:09:51.829145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:10:16.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "crun",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19, \u003c 1.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T23:57:01.741Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj"
},
{
"name": "https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01"
},
{
"name": "https://github.com/containers/crun/releases/tag/1.27",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/crun/releases/tag/1.27"
}
],
"source": {
"advisory": "GHSA-4vg2-xjqj-7chj",
"discovery": "UNKNOWN"
},
"title": "Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-30892",
"datePublished": "2026-03-25T23:57:01.741Z",
"dateReserved": "2026-03-06T00:04:56.701Z",
"dateUpdated": "2026-03-26T18:10:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24965 (GCVE-0-2025-24965)
Vulnerability from cvelistv5
Published
2025-02-19 16:46
Modified
2025-02-19 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | crun |
Version: < 1.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T16:55:57.068827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:56:05.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "crun",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003c 1.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:46:31.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containers/crun/security/advisories/GHSA-f42g-r5jj-qh4j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/crun/security/advisories/GHSA-f42g-r5jj-qh4j"
},
{
"name": "https://github.com/containers/crun/commit/0aec82c2b686f0b1793deed43b46524fe2e8b5a7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/crun/commit/0aec82c2b686f0b1793deed43b46524fe2e8b5a7"
},
{
"name": "https://github.com/containers/crun/releases/tag/1.20",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/crun/releases/tag/1.20"
}
],
"source": {
"advisory": "GHSA-f42g-r5jj-qh4j",
"discovery": "UNKNOWN"
},
"title": ".krun_config.json symlink attack creates or overwrites file on the host in crun"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24965",
"datePublished": "2025-02-19T16:46:31.602Z",
"dateReserved": "2025-01-29T15:18:03.209Z",
"dateUpdated": "2025-02-19T16:56:05.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5291 (GCVE-0-2020-5291)
Vulnerability from cvelistv5
Published
2020-03-31 18:00
Modified
2024-08-04 08:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Summary
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containers | bubblewrap |
Version: < 0.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bubblewrap",
"vendor": "containers",
"versions": [
{
"status": "affected",
"version": "\u003c 0.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-31T18:00:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
],
"source": {
"advisory": "GHSA-j2qp-rvxj-43vj",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in setuid mode via user namespaces in Bubblewrap",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5291",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in setuid mode via user namespaces in Bubblewrap"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bubblewrap",
"version": {
"version_data": [
{
"version_value": "\u003c 0.4.1"
}
]
}
}
]
},
"vendor_name": "containers"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj",
"refsource": "CONFIRM",
"url": "https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj"
},
{
"name": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240",
"refsource": "MISC",
"url": "https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240"
}
]
},
"source": {
"advisory": "GHSA-j2qp-rvxj-43vj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5291",
"datePublished": "2020-03-31T18:00:18.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}