[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-2990":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":26,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":74,"related":75,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":106,"kevs":153,"epss":154,"epss_history":157,"metrics":421,"affected":429},"CVE-2022-2990","An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",null,[11,20],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-863","Incorrect Authorization","The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.","weakness","Incomplete","Class","High",[],{"_key":21,"id":21,"name":22,"description":23,"type":15,"status":16,"abstraction":24,"likelihood_of_exploit":9,"capec":25},"CWE-842","Placement of User into Incorrect Group","The product or the administrator places a user into an incorrect group.","Base",[],[27,36],{"_key":28,"name":29,"source":30,"url":31,"maturity":32,"reliability_score":33,"verified":34,"type":9,"platforms":35,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_8C2F9CC1C4D896E2","Exploit Reference (benthamsgaze.org)","reference","https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/","unknown",0.2,false,[],{"_key":37,"name":38,"source":30,"url":39,"maturity":32,"reliability_score":33,"verified":34,"type":9,"platforms":40,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_340B08E7D40DB77E","Exploit Reference (bugzilla.redhat.com)","https://bugzilla.redhat.com/show_bug.cgi?id=2121453",[],[42,43],"GHSA-fjm8-m7m6-2fjp","GO-2022-1008",[],[46,48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":47},"SUSE-SU-2023:4099-1",{"_key":49},"SUSE-SU-2022:3655-1",{"_key":51},"SUSE-SU-2022:3766-1",{"_key":53},"SUSE-SU-2022:4349-1",{"_key":55},"SUSE-SU-2022:4350-1",{"_key":57},"OPENSUSE-SU-2024:12289-1",{"_key":59},"RHSA-2022:7822",{"_key":61},"RHSA-2022:8431",{"_key":63},"MGASA-2023-0213",{"_key":65},"DEBIAN-CVE-2022-2990",{"_key":67},"UBUNTU-CVE-2022-2990",{"_key":69},"RHSA-2022:7457",{"_key":71},"RHSA-2022:8008",{"_key":73},"RHSA-2023:1325",[],[76,77,78,80,82,84,85,86,87,88,89,91,93],{"_key":63},{"_key":47},{"_key":79},"CVE-2022-2995",{"_key":81},"CVE-2022-36109",{"_key":83},"CVE-2023-25173",{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":90},"CGA-X7MH-W3G6-2C7R",{"_key":92},"CVE-2022-2989",{"_key":94},"CGA-VVQF-M9G7-6V7C","2022-09-13T13:44:21.000Z","2024-08-03T00:53:00.654Z","Modified",{"cisa_kev":34,"cisa_ransomware":34,"cisa_vendor":9,"epss_severity":99,"epss_score":100,"severity":101,"severity_score":102,"severity_version":103,"severity_source":104,"severity_vector":105,"severity_status":97},"low",0.00087,"high",7.1,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",[107,116,122,127,131,136,140,145,149],{"url":31,"sources":108,"tags":111},[109,104,110],"cve.org","osv_go",[112,113,114,115],"X Refsource MISC","Exploit","Third Party Advisory","ARTICLE",{"url":39,"sources":117,"tags":118},[109,104,110],[112,113,119,120,114,121],"Issue Tracking","Patch","WEB",{"url":123,"sources":124,"tags":125},"https://nvd.nist.gov/vuln/detail/CVE-2022-2990",[110],[126],"Advisory",{"url":128,"sources":129,"tags":130},"https://github.com/containers/buildah/pull/4200",[110],[121],{"url":132,"sources":133,"tags":134},"https://github.com/containers/buildah/commit/4a8bf740e862f2438279c6feee2ea59ddf0cda0b",[110],[121,135],"FIX",{"url":137,"sources":138,"tags":139},"https://access.redhat.com/security/cve/CVE-2022-2990",[110],[121],{"url":141,"sources":142,"tags":143},"https://github.com/containers/buildah",[110],[144],"PACKAGE",{"url":146,"sources":147,"tags":148},"https://pkg.go.dev/vuln/GO-2022-1008",[110],[121],{"url":150,"sources":151,"tags":152},"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation",[110],[121],[],{"date":155,"score":100,"percentile":156},"2026-06-04",0.24973,[158,162,165,168,171,173,176,179,182,185,188,191,193,196,199,203,206,209,212,215,218,220,223,225,228,231,234,237,240,243,246,249,252,254,256,259,262,265,268,271,274,277,279,282,285,288,291,294,297,300,303,306,309,312,315,318,320,323,326,329,332,335,337,340,342,345,348,351,354,357,360,363,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418],{"date":159,"score":160,"percentile":161},"2025-11-04",0.00127,0.32749,{"date":163,"score":160,"percentile":164},"2025-11-05",0.3273,{"date":166,"score":160,"percentile":167},"2025-11-06",0.32734,{"date":169,"score":160,"percentile":170},"2025-11-07",0.32751,{"date":172,"score":160,"percentile":161},"2025-11-08",{"date":174,"score":160,"percentile":175},"2025-11-09",0.32726,{"date":177,"score":160,"percentile":178},"2025-11-10",0.32673,{"date":180,"score":160,"percentile":181},"2025-11-11",0.32698,{"date":183,"score":160,"percentile":184},"2025-11-12",0.32743,{"date":186,"score":160,"percentile":187},"2025-11-13",0.3276,{"date":189,"score":160,"percentile":190},"2025-11-14",0.32762,{"date":192,"score":160,"percentile":190},"2025-11-15",{"date":194,"score":160,"percentile":195},"2025-11-16",0.32735,{"date":197,"score":160,"percentile":198},"2025-11-17",0.32708,{"date":200,"score":201,"percentile":202},"2025-11-18",0.00059,0.14048,{"date":204,"score":201,"percentile":205},"2025-11-19",0.14066,{"date":207,"score":201,"percentile":208},"2025-11-20",0.14079,{"date":210,"score":160,"percentile":211},"2025-11-21",0.3275,{"date":213,"score":160,"percentile":214},"2025-11-22",0.32754,{"date":216,"score":160,"percentile":217},"2025-11-23",0.32724,{"date":219,"score":160,"percentile":181},"2025-11-24",{"date":221,"score":160,"percentile":222},"2025-11-25",0.32696,{"date":224,"score":160,"percentile":222},"2025-11-26",{"date":226,"score":160,"percentile":227},"2025-11-27",0.32705,{"date":229,"score":160,"percentile":230},"2025-11-28",0.32691,{"date":232,"score":160,"percentile":233},"2025-11-29",0.32675,{"date":235,"score":160,"percentile":236},"2025-11-30",0.32649,{"date":238,"score":160,"percentile":239},"2025-12-01",0.3274,{"date":241,"score":160,"percentile":242},"2025-12-02",0.32765,{"date":244,"score":160,"percentile":245},"2025-12-03",0.32761,{"date":247,"score":160,"percentile":248},"2025-12-04",0.32658,{"date":250,"score":160,"percentile":251},"2025-12-05",0.32692,{"date":253,"score":160,"percentile":222},"2025-12-06",{"date":255,"score":160,"percentile":178},"2025-12-07",{"date":257,"score":160,"percentile":258},"2025-12-08",0.32684,{"date":260,"score":160,"percentile":261},"2025-12-09",0.32732,{"date":263,"score":160,"percentile":264},"2025-12-10",0.32792,{"date":266,"score":160,"percentile":267},"2025-12-11",0.32818,{"date":269,"score":160,"percentile":270},"2025-12-12",0.32851,{"date":272,"score":160,"percentile":273},"2025-12-13",0.32832,{"date":275,"score":160,"percentile":276},"2025-12-14",0.32811,{"date":278,"score":160,"percentile":190},"2025-12-15",{"date":280,"score":160,"percentile":281},"2025-12-16",0.32788,{"date":283,"score":160,"percentile":284},"2025-12-17",0.32845,{"date":286,"score":160,"percentile":287},"2025-12-18",0.32895,{"date":289,"score":160,"percentile":290},"2025-12-19",0.32921,{"date":292,"score":160,"percentile":293},"2025-12-20",0.32903,{"date":295,"score":160,"percentile":296},"2025-12-21",0.32844,{"date":298,"score":160,"percentile":299},"2025-12-22",0.32813,{"date":301,"score":160,"percentile":302},"2025-12-23",0.32805,{"date":304,"score":160,"percentile":305},"2025-12-24",0.32802,{"date":307,"score":160,"percentile":308},"2025-12-25",0.32869,{"date":310,"score":160,"percentile":311},"2025-12-26",0.32855,{"date":313,"score":160,"percentile":314},"2025-12-27",0.32863,{"date":316,"score":160,"percentile":317},"2025-12-28",0.32766,{"date":319,"score":160,"percentile":261},"2025-12-29",{"date":321,"score":160,"percentile":322},"2025-12-30",0.32727,{"date":324,"score":160,"percentile":325},"2025-12-31",0.32778,{"date":327,"score":160,"percentile":328},"2026-01-01",0.32926,{"date":330,"score":160,"percentile":331},"2026-01-02",0.32915,{"date":333,"score":160,"percentile":334},"2026-01-03",0.32902,{"date":336,"score":160,"percentile":190},"2026-01-04",{"date":338,"score":160,"percentile":339},"2026-01-05",0.32748,{"date":341,"score":160,"percentile":190},"2026-01-06",{"date":343,"score":160,"percentile":344},"2026-01-07",0.32782,{"date":346,"score":160,"percentile":347},"2026-01-08",0.3281,{"date":349,"score":160,"percentile":350},"2026-01-09",0.32815,{"date":352,"score":160,"percentile":353},"2026-01-10",0.32814,{"date":355,"score":160,"percentile":356},"2026-01-11",0.32793,{"date":358,"score":160,"percentile":359},"2026-01-12",0.32721,{"date":361,"score":160,"percentile":362},"2026-01-13",0.32704,{"date":364,"score":365,"percentile":366},"2026-01-14",0.00118,0.31337,{"date":368,"score":365,"percentile":369},"2026-01-15",0.31335,{"date":371,"score":365,"percentile":372},"2026-01-16",0.31361,{"date":374,"score":365,"percentile":375},"2026-01-17",0.31358,{"date":377,"score":365,"percentile":378},"2026-01-18",0.31301,{"date":380,"score":365,"percentile":381},"2026-01-19",0.31269,{"date":383,"score":365,"percentile":384},"2026-01-20",0.31255,{"date":386,"score":365,"percentile":387},"2026-01-21",0.31201,{"date":389,"score":365,"percentile":390},"2026-01-22",0.31177,{"date":392,"score":365,"percentile":393},"2026-01-23",0.31245,{"date":395,"score":365,"percentile":396},"2026-01-24",0.31261,{"date":398,"score":365,"percentile":399},"2026-01-25",0.3119,{"date":401,"score":365,"percentile":402},"2026-01-26",0.31109,{"date":404,"score":365,"percentile":405},"2026-01-27",0.31097,{"date":407,"score":365,"percentile":408},"2026-01-28",0.31074,{"date":410,"score":365,"percentile":411},"2026-01-29",0.31031,{"date":413,"score":365,"percentile":414},"2026-01-30",0.31019,{"date":416,"score":365,"percentile":417},"2026-01-31",0.31025,{"date":419,"score":365,"percentile":420},"2026-02-01",0.31105,[422,427],{"source":104,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":9},{"baseScore":102,"baseSeverity":424,"vectorString":105,"impactScore":425,"exploitabilityScore":426},"HIGH",8.7,4.6,{"source":110,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":428,"cvss_v4_0":9},{"baseScore":102,"baseSeverity":9,"vectorString":105,"impactScore":425,"exploitabilityScore":426},[430,441,450,462],{"ecosystem":9,"name":431,"vendor":432,"product":431,"cpe_part":433,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":434},"buildah","buildah_project","a",[435],{"version":436,"is_range":437,"range_type":438,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt1.27.1",true,"cpe","1.27.1","excluding",{"ecosystem":442,"name":443,"vendor":444,"product":431,"cpe_part":9,"purl_type":445,"purl_namespace":444,"purl_name":431,"source":9,"versions":446},"Go","github.com/containers/buildah","github.com/containers","golang",[447],{"version":448,"is_range":437,"range_type":449,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt1_27_1","semver",{"ecosystem":9,"name":451,"vendor":452,"product":453,"cpe_part":454,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"enterprise linux","redhat","enterprise_linux","o",[456,458,460],{"version":457,"is_range":34,"range_type":438,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":459,"is_range":34,"range_type":438,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":461,"is_range":34,"range_type":438,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":463,"vendor":452,"product":464,"cpe_part":433,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"openshift container platform","openshift_container_platform",[466],{"version":467,"is_range":34,"range_type":438,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0"]