We found results for “”
CVE-2023-38496
Good to know:
Date: July 25, 2023
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.
Language: Go
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Insufficient Information
NVD-CWE-noinfoImproper Privilege Management
CWE-269Privilege Dropping / Lowering Errors
CWE-271Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |