CVE-2022-2990
Unauthorized file access in github.com/containers/buildah
CVSS 3.1: 7.1 (HIGH)
EPSS: 0.09%
Description
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to an affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.
How to fix CVE-2022-2990
To remediate CVE-2022-2990, upgrade the affected package to a fixed version below.
- no fix listed
- upgrade to 1.27.1 or later
- upgrade to 1.27.1 or later
Is CVE-2022-2990 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0
- from 0, < 1.27.1
- from 0, < 1.27.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |