CVE-2023-38496

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Jul 25, 2023

Updated: Aug 2, 2023

CWE ID 269

CWE ID 271

Summary

CVE-2023-38496 affects Apptainer, an open source container platform. In version 1.2.0-rc.2, a privilege drop during container network setup was found to be ineffective, leading to subsequent functions being executed with root privileges. This vulnerability poses a limited attack surface, but an attacker could potentially manipulate a starter config to delete directories on the host filesystems. Apptainer users are strongly advised to upgrade to version 1.2.1 to mitigate this issue. No known workarounds exist aside from the upgrade.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

LF Projects, LLC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCSRnF
https://www.cve.org/CVERecord?id=CVE-2023-38496
https://nvd.nist.gov/vuln/detail/CVE-2023-38496

Back to Vulnerability Database

CVE-2023-38496

CVSS 3.1 Score 3.3 of 10 (low)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations