Home > Vulnerability Database > CVE-2023-38496

Mend.io Vulnerability Database

CVE-2023-38496

Good to know:

Date: July 25, 2023

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.

Language: Go

Severity Score

3.3

Related Resources (5)

Url: https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx

Url: https://github.com/apptainer/apptainer/pull/1523

Url: https://github.com/apptainer/apptainer/pull/1578

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38496

Url: https://www.mend.io/vulnerability-database/CVE-2023-38496

Severity Score

3.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Improper Privilege Management

CWE-269

Privilege Dropping / Lowering Errors

CWE-271

Top Fix

Upgrade Version

Upgrade to version v1.2.1

Learn More

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38496

Good to know:

Date: July 25, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?