CVE-2022-29526 (Medium) detected in github.com/opencontainers/runc-v1.1.3
mend-bolt-for-github opened this issue · comments
CVE-2022-29526 - Medium Severity Vulnerability
Vulnerable Library - github.com/opencontainers/runc-v1.1.3
CLI tool for spawning and running containers according to the OCI specification
Dependency Hierarchy:
- ❌ github.com/opencontainers/runc-v1.1.3 (Vulnerable Library)
Found in HEAD commit: 6789df2c12d580dbb86738ccfabf581ee7fea94e
Found in base branch: master
Vulnerability Details
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Publish Date: 2022-06-23
URL: CVE-2022-29526
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Step up your Open Source Security Game with Mend here
Fixed in master