CNNVD-202512-197 Information
CNNVD ID
CNNVD-202512-197
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
Apptainer是Apptainer开源的一个Linux开源容器平台。 Apptainer 1.4.5之前版本存在安全漏洞,该漏洞源于容器可能禁用–security选项,可能导致安全限制失效。
Description (English)
Apptainer is a Linux Open Packaging Platform from Apptainer Open Source. Prior to Apptainer 1.4.5, there was a security loophole, which arose from the possibility that the packaging would be disabled – the security option, which could result in security restrictions being rendered ineffective.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Apptainer
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/apptainer/apptainer/commit/82f17900a0c31bc769bf9b4612d271c7068d8bf2 https://github.com/apptainer/apptainer/security/advisories/GHSA-j3rw-fx6g-q46j https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm https://github.com/sylabs/singularity/security/advisories/GHSA-wwrx-w7c9-rf87 https://github.com/apptainer/apptainer/pull/3226 https://github.com/apptainer/apptainer/commit/4313b42717e18a4add7dd7503528bc15af905981 https://vigilance.fr/vulnerability/Apptainer-privilege-escalation-via-Security-Disable-49098
Patch
https://github.com/apptainer/apptainer/releases
Share on: