RHEA-2023%3A7493 — Vulnetix

RHEA-2023%3A7493 PUBLISHED CVSS 7.300000190734863 HIGH

A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container.

Risk Scores

CVSS 3.1

7.300000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected Products

…and 8 more

Exploit Intelligence

glcve_test.go (github-poc)

Timeline

Nov 27, 2023 CVE Published
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
May 15, 2026 CVE Updated

References

https://access.redhat.com/errata/RHEA-2023:7493 advisory
https://issues.redhat.com/browse/KATA-2135 advisory
https://issues.redhat.com/browse/KATA-2251 advisory
https://issues.redhat.com/browse/KATA-2302 advisory
https://issues.redhat.com/browse/KATA-2317 advisory
https://issues.redhat.com/browse/KATA-2321 advisory
https://issues.redhat.com/browse/KATA-2402 advisory
https://issues.redhat.com/browse/KATA-2411 advisory
https://issues.redhat.com/browse/KATA-2451 advisory
https://issues.redhat.com/browse/KATA-2452 advisory
https://issues.redhat.com/browse/KATA-2453 advisory
https://issues.redhat.com/browse/KATA-2454 advisory
https://issues.redhat.com/browse/KATA-2461 advisory
https://issues.redhat.com/browse/KATA-2462 advisory
https://issues.redhat.com/browse/KATA-2463 advisory
https://issues.redhat.com/browse/KATA-2464 advisory
https://issues.redhat.com/browse/KATA-2465 advisory
https://issues.redhat.com/browse/KATA-2466 advisory
https://issues.redhat.com/browse/KATA-2475 advisory
https://issues.redhat.com/browse/KATA-2476 advisory

…and 11 more

Open in Interactive Console →

Vendor	Product	Versions
Red Hat	openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x as a component of OpenShift Sandboxed Containers 1.5	*
Red Hat	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:aca3d50071c30b75433140f703f4a0dd8210aa07600ea94c2b1c2fbf27173893_s390x
Red Hat	openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64 as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64
Red Hat	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64 as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64
Red Hat	openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x, *, openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x
Red Hat	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x, *, openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x
Red Hat	openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x as a component of OpenShift Sandboxed Containers 1.5	*, openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x, openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:989610c8ad1eb4b71be1498e40cca9b76d7edad27712fd165d3564c9d4006078_s390x
Red Hat	openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-operator-bundle@sha256:ab665121f5a9e3a9d7f7db76ff4c9d81bf2868a06a4deb6e13436b3a4f096823_s390x
Red Hat	openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64 as a component of OpenShift Sandboxed Containers 1.5	, openshift-sandboxed-containers/osc-monitor-rhel9@sha256:0cdbaed1c4e0fab4dd2ab109bfeb364997731ae8ef7c4e84b8cac397835f2053_amd64,
Red Hat	openshift-sandboxed-containers/osc-rhel9-operator@sha256:4adb6f488fa6e2ee6e1a59665cecb49cebc0d0de6b8790abb3b1001f40f2a5fd_amd64 as a component of OpenShift Sandboxed Containers 1.5	*
Red Hat	openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64 as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64, ,
Red Hat	openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x as a component of OpenShift Sandboxed Containers 1.5	, , openshift-sandboxed-containers/osc-monitor-rhel9@sha256:dce657064e74cf9790aeb155ecdf49b336311dd3afc76681f6e979110d8d6b10_s390x
Red Hat	openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x as a component of OpenShift Sandboxed Containers 1.5	, openshift-sandboxed-containers/osc-rhel9-operator@sha256:32af14d95384759d0bc71c5a3243de5ed5baad46c115d32d5c87ff2379554067_s390x,
Red Hat	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64 as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64, openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64, *
Red Hat	openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:ceb940eac3a9706d189549d363820f867bf5d3768b26e62aeb247a42e3a0dd93_amd64 as a component of OpenShift Sandboxed Containers 1.5	, , *
Red Hat	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:91f6a0ab0f45b384850c0fec87a38bf9bf3455cfde4720975e646c542b00d6b7_s390x
Red Hat	openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:d0277285d246d2015f0a94df01824801430831cfc767c9ccbb1688a9ec4dd743_amd64 as a component of OpenShift Sandboxed Containers 1.5	*
Red Hat	openshift-sandboxed-containers/osc-operator-bundle@sha256:e51e8c3e5fc5fc24c1488303e2d92adf101813d1593add947558336c40127dc4_amd64 as a component of OpenShift Sandboxed Containers 1.5	*
Red Hat	openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:112f7dd50d65cdb5046ac16e88ceed3804f6861fc7271db2a2b842b0b4931360_amd64 as a component of OpenShift Sandboxed Containers 1.5	*
Red Hat	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64 as a component of OpenShift Sandboxed Containers 1.5	openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:8ead5cc2fba3a375f48748eb6dd2883728e1ac62f8afc6503bc4e034164a535c_amd64