johnsonjh / gfpsgo

gfpsgo: Fork of psgo, an IBM AIX-compatible ps(1) utility (and Go library) extended with various descriptors useful for displaying container-related data on Linux

Home Page:https://github.com/johnsonjh/gfpsgo

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2022-29526 (Medium) detected in github.com/opencontainers/runc-v1.1.3

mend-bolt-for-github opened this issue · comments

CVE-2022-29526 - Medium Severity Vulnerability

Vulnerable Library - github.com/opencontainers/runc-v1.1.3

CLI tool for spawning and running containers according to the OCI specification

Dependency Hierarchy:

  • github.com/opencontainers/runc-v1.1.3 (Vulnerable Library)

Found in HEAD commit: 6789df2c12d580dbb86738ccfabf581ee7fea94e

Found in base branch: master

Vulnerability Details

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Publish Date: 2022-06-23

URL: CVE-2022-29526

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with Mend here

Fixed in master