DEBIAN-CVE-2022-2989

DEBIAN-CVE-2022-2989 PUBLISHED CVSS 7.099999904632568 HIGH

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Risk Scores

CVSS v3.1

7.099999904632568

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:11	libpod	*, 3.0.1+dfsg1-3+deb11u1, 3.0.1+dfsg1-3+deb11u3
Debian:12	libpod	0, 0, 0

Timeline

Sep 13, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-2989 advisory

Open in Interactive Console →