PT-2023-26477 · Apptainer · Apptainer

Cclerget · Published 2023-07-25 · Updated 2024-08-20 · CVE-2023-38496

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Apptainer versions 1.2.0-rc.2 through 1.2.0

Description

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users, but an attacker could possibly craft a starter config to delete any directory on the host filesystems.

Recommendations

For Apptainer versions 1.2.0-rc.2, upgrade to Apptainer 1.2.1 to resolve the issue. There is no known workaround outside of upgrading to Apptainer 1.2.1.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2023-38496
GHSA-MMX5-32M4-WXVX
GO-2023-1965
OPENSUSE-SU-2024:0244-1
OPENSUSE-SU-2024:13073-1

Affected Products

Apptainer