Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fa27-n4rs-h7gp

Summary

Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Aliases

alias	CVE-2022-2990

alias	GHSA-fjm8-m7m6-2fjp

Fixed_packages

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/buildah@1.28.0-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.28.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:deb/debian/golang-github-containers-buildah@1.28.0%2Bds1-2?distro=trixie
purl	pkg:deb/debian/golang-github-containers-buildah@1.28.0%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.28.0%252Bds1-2%3Fdistro=trixie

url pkg:deb/debian/golang-github-containers-buildah@1.28.2%2Bds1-3%2Bdeb12u1

purl pkg:deb/debian/golang-github-containers-buildah@1.28.2%2Bds1-3%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e14a-39np-13bx

vulnerability	VCID-gyyv-8fkv-syh5

vulnerability	VCID-j9nr-4d4t-j3e1

vulnerability	VCID-xe2z-2g23-skhf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.28.2%252Bds1-3%252Bdeb12u1

url pkg:deb/debian/golang-github-containers-buildah@1.28.2%2Bds1-3%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/golang-github-containers-buildah@1.28.2%2Bds1-3%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e14a-39np-13bx

vulnerability	VCID-gyyv-8fkv-syh5

vulnerability	VCID-j9nr-4d4t-j3e1

vulnerability	VCID-xe2z-2g23-skhf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.28.2%252Bds1-3%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-containers-buildah@1.39.3%2Bds1-1?distro=trixie
purl	pkg:deb/debian/golang-github-containers-buildah@1.39.3%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.39.3%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-containers-buildah@1.43.0%2Bds1-2?distro=trixie
purl	pkg:deb/debian/golang-github-containers-buildah@1.43.0%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.43.0%252Bds1-2%3Fdistro=trixie

url	pkg:deb/debian/golang-github-containers-buildah@1.43.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/golang-github-containers-buildah@1.43.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.43.1%252Bds1-1%3Fdistro=trixie

url	pkg:golang/github.com/containers/buildah@1.27.1
purl	pkg:golang/github.com/containers/buildah@1.27.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containers/buildah@1.27.1

Affected_packages

url pkg:deb/debian/golang-github-containers-buildah@1.19.6%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/golang-github-containers-buildah@1.19.6%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e14a-39np-13bx

vulnerability	VCID-fa27-n4rs-h7gp

vulnerability	VCID-gs2e-ztdw-ayft

vulnerability	VCID-gyyv-8fkv-syh5

vulnerability	VCID-j9nr-4d4t-j3e1

vulnerability	VCID-thgc-p1tc-nbdw

vulnerability	VCID-xe2z-2g23-skhf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.19.6%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/golang-github-containers-buildah@1.19.6%2Bdfsg1-1

purl pkg:deb/debian/golang-github-containers-buildah@1.19.6%2Bdfsg1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e14a-39np-13bx

vulnerability	VCID-fa27-n4rs-h7gp

vulnerability	VCID-gs2e-ztdw-ayft

vulnerability	VCID-gyyv-8fkv-syh5

vulnerability	VCID-j9nr-4d4t-j3e1

vulnerability	VCID-thgc-p1tc-nbdw

vulnerability	VCID-xe2z-2g23-skhf

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-buildah@1.19.6%252Bdfsg1-1

url pkg:rpm/redhat/buildah@1:1.27.0-2?arch=el9

purl pkg:rpm/redhat/buildah@1:1.27.0-2?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n1h-e2p4-9yhs

vulnerability	VCID-35du-rm88-k7bw

vulnerability	VCID-5wtx-278c-nycq

vulnerability	VCID-fa27-n4rs-h7gp

vulnerability	VCID-pqs8-s3dm-7ff2

vulnerability	VCID-ttsj-3bd1-tfhu

vulnerability	VCID-z1ct-cecz-mqer

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@1:1.27.0-2%3Farch=el9

url pkg:rpm/redhat/buildah@1:1.29.1-1.rhaos4.13?arch=el9

purl pkg:rpm/redhat/buildah@1:1.29.1-1.rhaos4.13?arch=el9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fa27-n4rs-h7gp

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@1:1.29.1-1.rhaos4.13%3Farch=el9

url pkg:rpm/redhat/podman@2:4.2.0-7?arch=el9_1

purl pkg:rpm/redhat/podman@2:4.2.0-7?arch=el9_1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fa27-n4rs-h7gp

vulnerability	VCID-ttsj-3bd1-tfhu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@2:4.2.0-7%3Farch=el9_1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2990.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2990.json

reference_url

https://access.redhat.com/security/cve/CVE-2022-2990

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2022-2990

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2990

reference_id

reference_type

scores

value	0.0009
scoring_system	epss
scoring_elements	0.25337
published_at	2026-04-29T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25627
published_at	2026-04-02T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25664
published_at	2026-04-04T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25431
published_at	2026-04-07T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.255
published_at	2026-04-08T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25547
published_at	2026-04-09T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25558
published_at	2026-04-11T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25517
published_at	2026-04-12T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25459
published_at	2026-04-13T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25464
published_at	2026-04-16T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25454
published_at	2026-04-18T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25422
published_at	2026-04-21T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25386
published_at	2026-04-24T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25379
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2990

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2121453

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2121453

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2990
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2990

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/containers/buildah

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/buildah

reference_url

https://github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b

reference_url

https://github.com/containers/buildah/pull/4200

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/buildah/pull/4200

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2990

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2990

reference_url

https://pkg.go.dev/vuln/GO-2022-1008

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2022-1008

reference_url

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

reference_url	https://access.redhat.com/errata/RHSA-2022:7457
reference_id	RHSA-2022:7457
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7457

reference_url	https://access.redhat.com/errata/RHSA-2023:1325
reference_id	RHSA-2023:1325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1325

Weaknesses

cwe_id	842
name	Placement of User into Incorrect Group
description	The product or the administrator places a user into an incorrect group.

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Exploits

Severity_range_score 4.4 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fa27-n4rs-h7gp

Vulnerability Instance