CVE-2022-41939 - OpenCVE

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Knative Func

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:knative_func:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/knative/func/blob/5ca77d38744d3481cc0b795f607c5859b19588fc/buildpacks/builder.go#L37-L41
https://github.com/knative/func/pull/1442
https://github.com/knative/func/releases/tag/knative-v1.8.1
https://github.com/knative/func/security/advisories/GHSA-5336-2g3f-9g3m

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-19T00:00:00

Updated: 2024-08-03T12:56:38.664Z

Reserved: 2022-09-30T00:00:00

Link: CVE-2022-41939

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-19T01:15:13.363

Modified: 2023-03-14T15:35:40.793

Link: CVE-2022-41939

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41939", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:56:38.664Z", "dateReserved": "2022-09-30T00:00:00", "datePublished": "2022-11-19T00:00:00"}, "containers": {"cna": {"title": "Credential exposure when running third-party builders in knative/func", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-19T00:00:00"}, "descriptions": [{"lang": "en", "value": "knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack."}], "affected": [{"vendor": "knative", "product": "func", "versions": [{"version": "< 1.8.1", "status": "affected"}]}], "references": [{"url": "https://github.com/knative/func/security/advisories/GHSA-5336-2g3f-9g3m"}, {"url": "https://github.com/knative/func/pull/1442"}, {"url": "https://github.com/knative/func/blob/5ca77d38744d3481cc0b795f607c5859b19588fc/buildpacks/builder.go#L37-L41"}, {"url": "https://github.com/knative/func/releases/tag/knative-v1.8.1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200"}]}], "source": {"advisory": "GHSA-5336-2g3f-9g3m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.664Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/knative/func/security/advisories/GHSA-5336-2g3f-9g3m", "tags": ["x_transferred"]}, {"url": "https://github.com/knative/func/pull/1442", "tags": ["x_transferred"]}, {"url": "https://github.com/knative/func/blob/5ca77d38744d3481cc0b795f607c5859b19588fc/buildpacks/builder.go#L37-L41", "tags": ["x_transferred"]}, {"url": "https://github.com/knative/func/releases/tag/knative-v1.8.1", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:knative_func:*:*:*:*:*:*:*:*", "matchCriteriaId": "4897A738-2285-4D52-A875-60719F256601", "versionEndExcluding": "1.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack."}, {"lang": "es", "value": "knative.dev/func es una librer\u00eda cliente y CLI que permite el desarrollo y la implementaci\u00f3n de funciones de Kubernetes. Los desarrolladores que utilizan un paquete de compilaci\u00f3n de terceros malicioso o comprometido podr\u00edan exponer sus credenciales de registro o su conector acoplable local a un contenedor de \"ciclo de vida\" malicioso. Este problema se solucion\u00f3 en PR #1442 y es parte de la versi\u00f3n 1.8.1. Este problema solo afecta a los usuarios que utilizan paquetes de funciones de terceros; fijar la imagen del generador a un hash de contenido espec\u00edfico con una imagen de \"lifecycle\" v\u00e1lida tambi\u00e9n mitigar\u00e1 el ataque."}], "id": "CVE-2022-41939", "lastModified": "2023-03-14T15:35:40.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-11-19T01:15:13.363", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/knative/func/blob/5ca77d38744d3481cc0b795f607c5859b19588fc/buildpacks/builder.go#L37-L41"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/knative/func/pull/1442"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/knative/func/releases/tag/knative-v1.8.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/knative/func/security/advisories/GHSA-5336-2g3f-9g3m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Primary"}]}