Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42150

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Oct, 2023 | 00:00
Updated At-12 Sep, 2024 | 20:51
Rejected At-
Credits

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Oct, 2023 | 00:00
Updated At:12 Sep, 2024 | 20:51
Rejected At:
▼CVE Numbering Authority (CNA)

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/tinyclub/linux-lab/issues/14
N/A
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
N/A
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
N/A
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
N/A
https://www.usenix.org/conference/usenixsecurity23/presentation/he
N/A
Hyperlink: https://github.com/tinyclub/linux-lab/issues/14
Resource: N/A
Hyperlink: https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
Resource: N/A
Hyperlink: https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
Resource: N/A
Hyperlink: https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
Resource: N/A
Hyperlink: https://www.usenix.org/conference/usenixsecurity23/presentation/he
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/tinyclub/linux-lab/issues/14
x_transferred
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
x_transferred
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
x_transferred
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
x_transferred
https://www.usenix.org/conference/usenixsecurity23/presentation/he
x_transferred
Hyperlink: https://github.com/tinyclub/linux-lab/issues/14
Resource:
x_transferred
Hyperlink: https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
Resource:
x_transferred
Hyperlink: https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
Resource:
x_transferred
Hyperlink: https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
Resource:
x_transferred
Hyperlink: https://www.usenix.org/conference/usenixsecurity23/presentation/he
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 Oct, 2023 | 20:15
Updated At:07 Nov, 2023 | 03:53

TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CPE Matches
tinylab
tinylab
>>cloud_lab>>0.8
cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:*:*:*:*:*:*
tinylab
tinylab
>>cloud_lab>>1.1
cpe:2.3:a:tinylab:cloud_lab:1.1:rc1:*:*:*:*:*:*
tinylab
tinylab
>>linux_lab>>1.1
cpe:2.3:a:tinylab:linux_lab:1.1:rc1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirementscve@mitre.org
Exploit
Third Party Advisory
https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.jsoncve@mitre.org
Patch
https://github.com/tinyclub/linux-lab/issues/14cve@mitre.org
Issue Tracking
https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGocve@mitre.org
N/A
https://www.usenix.org/conference/usenixsecurity23/presentation/hecve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://github.com/tinyclub/linux-lab/issues/14
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: https://hackmd.io/%40UR9gnr32QymtmtZHnZceOw/ry428EZGo
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.usenix.org/conference/usenixsecurity23/presentation/he
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2023-29131
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.4||HIGH
EPSS-0.02% / 3.82%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-12 Nov, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-29492
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-0.86% / 74.07%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 21:15
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinoswyse_5060wyse_3040wyse_7010wyse_5470wyse_5040wyse_5010wyse_5070Wyse Proprietary OS (ThinOS)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-29491
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-0.91% / 74.80%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 21:15
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinoswyse_5060wyse_3040wyse_7010wyse_5470wyse_5040wyse_5010wyse_5070Wyse Proprietary OS (ThinOS)
CWE ID-CWE-276
Incorrect Default Permissions
Details not found