Back to bug 2174485
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Anten Skrabec | 2023-03-01 18:39:29 UTC | Depends On | 2174486 | |
| Anten Skrabec | 2023-03-01 19:39:55 UTC | CC | aazores, abenaiss, amackenz, amasferr, amctagga, aveerama, bbaude, bcoca, bdettelb, chazlett, cwelton, davidn, dcadzow, dkenigsb, dperaza, dshah, dsimansk, dwalsh, dymurray, eaguilar, ebaron, eglynn, ellin, epacific, fdeutsch, gparvin, ibolton, jcammara, jcantril, jchui, jhardy, jjoyce, jkang, jkoehler, jligon, jmatthew, jmontleo, jneedle, jnovy, jobarker, joelsmith, jpallich, jwendell, kaycoth, lball, lgamliel, lhh, lsm5, mabashia, matzew, mboddu, mburns, mfilanov, mgarciac, mheon, mkudlej, mrajanna, muagarwa, mwringe, nalin, nbecker, nboldt, njean, ocs-bugs, oramraz, osapryki, ovanders, owatkins, pahickey, pehunt, periklis, phoracek, pjindal, pthomas, rcernich, rfreiman, rgarg, rhos-maint, rhuss, rjohnson, rrajasek, scorneli, sfroberg, shbose, simaishi, skontopo, slucidi, smcdonal, smullick, spower, sseago, stcannon, teagle, tjochec, tkral, tnielsen, tsweeney, ubhargav, umohnani, whayutin, yguenane, zsadeh | |
| Anten Skrabec | 2023-03-01 20:13:31 UTC | Summary | containerd: Supplementary groups are not set up properly | CVE-2023-25173 containerd: Supplementary groups are not set up properly |
| Alias | CVE-2023-25173 | |||
| Anten Skrabec | 2023-03-01 20:15:13 UTC | Depends On | 2174544, 2174521, 2174536, 2174520, 2174539, 2174529, 2174523, 2174512, 2174517, 2174540, 2174527, 2174514, 2174532, 2174537, 2174534, 2174519, 2174535, 2174542, 2174525, 2174538, 2174518, 2174530, 2174528, 2174511, 2174545, 2174533, 2174526, 2174522, 2174515, 2174543, 2174541, 2174531, 2174524, 2174513 | |
| Anten Skrabec | 2023-03-01 20:16:26 UTC | Depends On | 2174551, 2174547, 2174546, 2174548, 2174550, 2174549, 2174552 | |
| Anten Skrabec | 2023-03-01 20:25:52 UTC | Depends On | 2174557, 2174560, 2174559, 2174554, 2174558, 2174553, 2174561, 2174555, 2174562, 2174556 | |
| Paige Jung | 2023-03-01 20:51:41 UTC | Doc Text | upplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. | A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. |
| Anten Skrabec | 2023-03-01 23:09:31 UTC | CC | dfreiber, jburrell, rogbas, vkumar | |
| Lokesh Mandvekar | 2023-03-02 10:42:00 UTC | Doc Type | --- | If docs needed, set a value |
| RaTasha Tillery-Smith | 2023-03-02 12:47:17 UTC | Doc Text | A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. | A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container. |
| Ezequiel Aguilar | 2023-03-02 12:50:24 UTC | CC | eaguilar | |
| Borja Tarraso | 2023-03-02 14:30:41 UTC | CC | kaycoth | |
| TEJ RATHI | 2023-03-03 06:39:25 UTC | Depends On | 2175075, 2175069, 2175065, 2175066, 2175068, 2175072, 2175073, 2175071, 2175067, 2175070, 2175064, 2175074 | |
| Vipul Nair | 2023-03-06 10:54:27 UTC | Depends On | 2175692, 2175693 | |
| TEJ RATHI | 2023-03-06 11:55:27 UTC | CC | adudiak, kshier, tfister | |
| Tomáš Král | 2023-04-12 12:45:52 UTC | CC | tkral | |
| errata-xmlrpc | 2023-05-04 01:50:15 UTC | Link ID | Red Hat Product Errata RHSA-2023:2107 | |
| errata-xmlrpc | 2023-05-10 00:28:42 UTC | Link ID | Red Hat Product Errata RHSA-2023:1372 | |
| errata-xmlrpc | 2023-05-10 16:44:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:2029 | |
| TEJ RATHI | 2023-05-15 10:27:20 UTC | CC | trathi | |
| Fixed In Version | containerd 1.5.18, contained 1.6.18 | containerd 1.5.18, containerd 1.6.18 | ||
| Red Hat Bugzilla | 2023-05-15 18:03:42 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-05-15 18:50:50 UTC | CC | dcadzow | |
| errata-xmlrpc | 2023-05-17 22:31:31 UTC | Link ID | Red Hat Product Errata RHSA-2023:1326 | |
| Red Hat Bugzilla | 2023-05-31 23:37:37 UTC | CC | mrajanna | |
| errata-xmlrpc | 2023-06-05 16:44:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:3450 | |
| errata-xmlrpc | 2023-06-05 23:42:49 UTC | Link ID | Red Hat Product Errata RHSA-2023:3455 | |
| errata-xmlrpc | 2023-06-13 13:10:32 UTC | Link ID | Red Hat Product Errata RHSA-2023:3537 | |
| Red Hat Bugzilla | 2023-07-07 08:33:27 UTC | Assignee | security-response-team | nobody |
| errata-xmlrpc | 2023-07-18 00:18:37 UTC | Link ID | Red Hat Product Errata RHSA-2023:4025 | |
| errata-xmlrpc | 2023-07-27 01:10:07 UTC | Link ID | Red Hat Product Errata RHSA-2023:4226 | |
| Red Hat Bugzilla | 2023-08-03 08:29:14 UTC | CC | ocs-bugs | |
| errata-xmlrpc | 2023-08-07 00:27:43 UTC | Link ID | Red Hat Product Errata RHSA-2023:4488 |
Back to bug 2174485