CVE-2022-2989
moderate-risk
Published 2022-09-13
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
LOCAL
/ LOW complexity
Affected Products (6)
Affected Vendors
References (4)
35
/ 100
moderate-risk
Severity
22/34 · High
Exploitability
0/34 · Minimal
Exposure
13/34 · Low