Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2023-28642

Improper Preservation of Permissions

Published: Mar 29, 2023 | Modified: Dec 06, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.8 MODERATE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2023-28642
CWEhttps://cwe.mitre.org/data/definitions/281.html

runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

NameVendorStart VersionEnd Version
RuncLinuxfoundation*1.1.5 (excluding)
Red Hat Enterprise Linux 8RedHatcontainer-tools:4.0-8090020230828093056.e7857ab1*
Red Hat Enterprise Linux 8RedHatcontainer-tools:rhel8-8090020230825121312.e7857ab1*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatcontainer-tools:3.0-8040020240104111259.c0c392d5*
Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRedHatcontainer-tools:3.0-8040020240104111259.c0c392d5*
Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRedHatcontainer-tools:3.0-8040020240104111259.c0c392d5*
Red Hat Enterprise Linux 9RedHatrunc-4:1.1.9-1.el9*
Red Hat OpenShift Container Platform 4.13RedHatopenshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202304190216.p0.g6f4295b.assembly.stream*
RuncUbuntubionic*
RuncUbuntudevel*
RuncUbuntuesm-apps/bionic*
RuncUbuntuesm-apps/xenial*
RuncUbuntuesm-infra/focal*
RuncUbuntufocal*
RuncUbuntujammy*
RuncUbuntukinetic*
RuncUbuntulunar*
RuncUbuntutrusty*
RuncUbuntuupstream*
RuncUbuntuxenial*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use