CVE-2023-38496

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/apptainer/apptainer/pull/1523	Patch
https://github.com/apptainer/apptainer/pull/1578	Patch
https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lfprojects:apptainer:1.2.0:-::::go::*
	cpe:2.3:a:lfprojects:apptainer:1.2.0:rc2::::go::*

History

No history.

Information

Published : 2023-07-25 22:15

Updated : 2023-08-02 19:32

NVD link : CVE-2023-38496

Mitre link : CVE-2023-38496

CVE.ORG link : CVE-2023-38496

JSON object : View

Products Affected

lfprojects

apptainer

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

CWE-271

Privilege Dropping / Lowering Errors

{"id": "CVE-2023-38496", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2023-07-25T22:15:10.503", "references": [{"url": "https://github.com/apptainer/apptainer/pull/1523", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/apptainer/apptainer/pull/1578", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-271"}]}], "descriptions": [{"lang": "en", "value": "Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1."}], "lastModified": "2023-08-02T19:32:49.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:apptainer:1.2.0:-:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "7B4FFEA3-9FB9-4B9F-968E-E5C3282B6786"}, {"criteria": "cpe:2.3:a:lfprojects:apptainer:1.2.0:rc2:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "35B641D0-6C93-45F0-A297-1BBE3BF65DB6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}