#VU72321 Improper Privilege Management in moby - CVE-2022-36109


Vulnerability identifier: #VU72321

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36109

CWE-ID: CWE-269

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
moby
Server applications / Virtualization software

Vendor: Moby project

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management caused by improper setup of supplementary groups. A local user can bypass primary group restrictions and compromise the container.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

moby: 20.10.0 - 20.10.18

External links
https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
https://github.com/moby/moby/releases/tag/v20.10.18
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM InfoSphere Information Server
Gentoo update for Docker
Multiple vulnerabilities in IBM Storage Ceph
Amazon Linux AMI update for docker
Amazon Linux AMI update for containerd
Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management
IBM Cloud Pak System update for Moby
Multiple vulnerabilities in IBM Edge Application Manager
Multiple vulnerabilities in IBM Edge Application Manager
SUSE update for docker