Apptainer
CVE-2023-38496
LOW
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1.
AnalysisAI
Apptainer is an open source container platform. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1. Affected products include: Lfprojects Apptainer. Version information: Version 1.2.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
Apptainer is an open source container platform for Linux. Rated high severity (CVSS 7.8), this vulnerability is low atta
A remote code execution vulnerability in Apptainer (CVSS 4.5). Remediation should follow standard vulnerability manageme
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today