Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-25T21:02:12.018Z

Updated: 2024-10-10T17:31:57.112Z

Reserved: 2023-07-18T16:28:12.076Z

Link: CVE-2023-38496

cve-icon Vulnrichment

Updated: 2024-08-02T17:46:54.942Z

cve-icon NVD

Status : Modified

Published: 2023-07-25T22:15:10.503

Modified: 2024-11-21T08:13:41.667

Link: CVE-2023-38496

cve-icon Redhat

No data.