VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-f21p-csu2-aaar

Essentials
Severities (123)
References (30)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-f21p-csu2-aaar
Aliases	CVE-2022-29162 GHSA-f3fp-gc8g-vw66
Summary	runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-276

Incorrect Default Permissions

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5068
cvssv3	5.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29162.json
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0011	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
epss	0.0022	https://api.first.org/data/v1/epss?cve=CVE-2022-29162
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=2086398
cvssv3.1	4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.9	https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
ssvc	Track	https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
cvssv3.1	5.9	https://github.com/opencontainers/runc/releases/tag/v1.1.2
generic_textual	MODERATE	https://github.com/opencontainers/runc/releases/tag/v1.1.2
ssvc	Track	https://github.com/opencontainers/runc/releases/tag/v1.1.2
cvssv3.1	5.9	https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
generic_textual	MODERATE	https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
ssvc	Track	https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
cvssv3.1	5.9	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
cvssv3.1	7.0	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND
cvssv3.1	5.9	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y
cvssv2	4.6	https://nvd.nist.gov/vuln/detail/CVE-2022-29162
cvssv3	7.8	https://nvd.nist.gov/vuln/detail/CVE-2022-29162
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2022-29162
archlinux	Low	https://security.archlinux.org/AVG-2707

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29162.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-29162
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5
		https://github.com/opencontainers/runc/releases/tag/v1.1.2
		https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
		https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/
2086398		https://bugzilla.redhat.com/show_bug.cgi?id=2086398
AVG-2707		https://security.archlinux.org/AVG-2707
cpe:2.3:a:linuxfoundation:runc::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc::::::::
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
CVE-2022-29162		https://nvd.nist.gov/vuln/detail/CVE-2022-29162
GLSA-202408-25		https://security.gentoo.org/glsa/202408-25
RHSA-2022:5068		https://access.redhat.com/errata/RHSA-2022:5068
RHSA-2022:7457		https://access.redhat.com/errata/RHSA-2022:7457
RHSA-2022:7469		https://access.redhat.com/errata/RHSA-2022:7469
RHSA-2022:8090		https://access.redhat.com/errata/RHSA-2022:8090
USN-6088-2		https://usn.ubuntu.com/6088-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29162.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:31Z/ Found at https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/releases/tag/v1.1.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:31Z/ Found at https://github.com/opencontainers/runc/releases/tag/v1.1.2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:31Z/ Found at https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:31Z/ Found at https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:07:31Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29162

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29162

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29162

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.15160
EPSS Score	0.00045
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.