CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-5291 – Privilege escalation in setuid mode via user namespaces in Bubblewrap
https://notcve.org/view.php?id=CVE-2020-5291
31 Mar 2020 — Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected ... • https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240 • CWE-269: Improper Privilege Management CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12439 – bubblewrap: temporary directory misuse as mount point
https://notcve.org/view.php?id=CVE-2019-12439
29 May 2019 — bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code. El archivo bubblewrap.c en Bubblewrap anterior de versión 0.3.3, utiliza de manera incorrecta directorios temporales en /tmp como un punto de montaje. En algunas configuraciones particulares (relacionadas con XDG_RUNTIME_DIR), un atacant... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00028.html • CWE-20: Improper Input Validation CWE-377: Insecure Temporary File •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6349
https://notcve.org/view.php?id=CVE-2016-6349
29 Mar 2017 — The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. El comando machinectl en oci-register-machine permite a usuarios locales listar contenedores en ejecución y posiblemente obtener información sensible ejecutando ese comando. • http://www.openwall.com/lists/oss-security/2016/07/26/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1CVE-2017-5226
https://notcve.org/view.php?id=CVE-2017-5226
29 Mar 2017 — When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. "Al ejecutar un programa a través del sandbox bubblewrap, la sesión nonpriv puede escapar a la sesión padre utilizando el ioctl de TIOCSTI para insertar caracteres en el búfer de entrada del terminal, permitiendo a un atacante escapar del sandbox. " • http://www.openwall.com/lists/oss-security/2020/07/10/1 • CWE-20: Improper Input Validation •