CVE-2023-38496

LOW Year: 2023
CVSS v3 Score
3.3
Low
Weakness Type
CWE-269
View all →

Vulnerability Description

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.

Related Vulnerabilities

CVE-2012-2148

LOW
CVSS:3.3(Low)

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies

CWE-2692012

CVE-2017-5084

LOW
CVSS:3.3(Low)

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.

CWE-2692017

CVE-2019-15332

LOW
CVSS:3.3(Low)

The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z61_2GB:8.1.0/O11019/1533889281:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave ap...

CWE-2692019

CVE-2020-16126

LOW
CVSS:3.3(Low)

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to Account...

CWE-2692020

CVE-2020-4603

LOW
CVSS:3.3(Low)

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weak...

CWE-2692020

CVE-2021-25336

LOW
CVSS:3.3(Low)

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malic...

CWE-2692021