Incorrect Default Permissions

CVE-2022-27652

Severity Medium
Score 5.3/10

Summary

A flaw was found in cri-o prior to 1.24.0, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
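The condition described above can be checked from inside a container by reading the `CapInh` field of `/proc/<pid>/status`. The following is an added example, not code from CRI-O, Moby, or this advisory: it decodes that field and applies the execve(2) rule from capabilities(7) to show what a non-empty inheritable set allows. The two status dumps and the binary carrying only an inheritable file capability are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h>; the 14 bits set in the constructed mask below.
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 3: "CAP_FOWNER", 4: "CAP_FSETID",
             5: "CAP_KILL", 6: "CAP_SETGID", 7: "CAP_SETUID", 8: "CAP_SETPCAP",
             10: "CAP_NET_BIND_SERVICE", 13: "CAP_NET_RAW", 18: "CAP_SYS_CHROOT",
             27: "CAP_MKNOD", 29: "CAP_AUDIT_WRITE", 31: "CAP_SETFCAP"}

# Constructed samples in /proc/<pid>/status format for a non-root container process.
AFFECTED = "Name:\tapp\nCapInh:\t00000000a80425fb\nCapPrm:\t0000000000000000\n" \
           "CapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"
FIXED = AFFECTED.replace("CapInh:\t00000000a80425fb", "CapInh:\t0000000000000000")


def parse_caps(status_text):
    """Map each Cap* field of a /proc/<pid>/status dump to its integer bitmask."""
    pairs = re.findall(r"^(Cap\w+):[ \t]+([0-9a-fA-F]+)", status_text, re.M)
    return {name: int(value, 16) for name, value in pairs}


def cap_names(mask):
    """Decode a capability bitmask into names (unknown bits shown as cap_<n>)."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]


def permitted_after_execve(p_inh, p_bnd, f_inh, f_prm):
    """capabilities(7) rule, assuming an empty ambient set:
    P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))."""
    return (p_inh & f_inh) | (f_prm & p_bnd)


def audit(status_text):
    """Return the capabilities in CapInh; a non-empty list is the condition described."""
    return cap_names(parse_caps(status_text).get("CapInh", 0))


if __name__ == "__main__":
    net_raw = 1 << 13  # hypothetical binary carrying only an inheritable file capability
    for label, sample in (("affected", AFFECTED), ("fixed", FIXED)):
        caps = parse_caps(sample)
        gained = permitted_after_execve(caps["CapInh"], caps["CapBnd"], net_raw, 0)
        print(label, "CapInh:", audit(sample) or "empty",
              "| permitted after execve:", cap_names(gained))
```

On a live system, pass the contents of `/proc/1/status` from inside the container to `audit()`; an empty list is the expected result on a fixed runtime.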

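  • Attack Complexity: LOW
  • Attack Vector: LOCAL
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: LOW
  • Integrity: LOW
  • Availability: LOW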

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Advisory Timeline

  • Published