CVE-2023-28642

ADVISORY - github

Summary

Impact

It was found that AppArmor, and potentially SELinux, can be bypassed when /proc inside the container is symlinked with a specific mount configuration.

Patches

Fixed in runc v1.1.5, by prohibiting symlinked /proc: https://github.com/opencontainers/runc/pull/3785

This PR fixes CVE-2023-27561 as well.

Workarounds

Avoid using an untrusted container image.

EPSS Score⁠: 0.00011 (0.010)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-281⁠

Improper Preservation of Permissions

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - github

CWE-281⁠

Improper Preservation of Permissions

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-281⁠

Improper Preservation of Permissions

CWE-59⁠

Improper Link Resolution Before File Access ('Link Following')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-305⁠

Authentication Bypass by Primary Weakness

Impacted images

Advisories

NIST

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-28642⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠CWE-59⁠

CVSS SCORE

6.1medium

GitHub

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-g2j6-57v7-gm8c⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠CWE-59⁠

CVSS SCORE

6.1medium

Alpine

CREATED

3 years ago

UPDATED

4 hours ago

ADVISORY IDCVE-2023-28642⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 years ago

UPDATED

18 days ago

ADVISORY IDCVE-2023-28642⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

3 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2023-28642⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8medium

GoLang

CREATED

1 year ago

UPDATED

5 months ago

ADVISORY IDGO-2023-1683⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2023-28642

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-281⁠CWE-59⁠CWE-937⁠

CVSS SCORE

6.1medium

Alma

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALSA-2023:6380⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALSA-2023:6938⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALSA-2023:6939⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALAS2023-2023-208⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

3 years ago

UPDATED

12 days ago

ADVISORY IDCVE-2023-28642⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-305⁠

CVSS SCORE

7.8medium

Rocky

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDRLSA-2023:6938⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDRLSA-2023:6939⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2023-12578⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2023-12579⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2023-6380⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2023-6938⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2023-6939⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-959m-f2hx-94gg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-hqm9-wq7w-hpgg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-jj6c-2jwp-vgq7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY ID

CGA-rrc4-39xr-5634

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY ID

CVE-2023-28642

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8high