PT-2022-4745 · Docker+4 · Moby+5

Steven Murdoch · Published 2022-09-09 · Updated 2025-10-11 · CVE-2022-36109

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Moby (Docker Engine) versions prior to 20.10.18

Description

The issue is related to the improper setup of supplementary groups in Moby (Docker Engine), which can allow an attacker with direct access to a container to bypass primary group restrictions. This could potentially lead to access to sensitive information or the ability to execute code in the container. The problem can be exploited if an attacker manipulates their supplementary group access.

Recommendations

For versions prior to 20.10.18, update to Moby (Docker Engine) 20.10.18 to fix the issue. For users unable to upgrade, do not use the "USER $USERNAME" Dockerfile instruction. Instead, call ENTRYPOINT ["su", "-", "user"] to set up supplementary groups properly. Stop and restart running containers for the permissions to be fixed.
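
An added example, not part of the advisory or the Moby project: a Python audit helper that applies the two conditions above, an engine version prior to 20.10.18 and a USER instruction in effect for the final build stage. The function names and the sample Dockerfile are constructed for illustration; it flags any USER form, and a USER inherited from an external base image is not visible to it.

```python
import re

FIXED = (20, 10, 18)  # first fixed release named in the advisory

def engine_is_affected(version):
    """True for an engine version prior to 20.10.18 ("-ce", "+dfsg1" ignored)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(map(int, m.groups())) < FIXED

def instructions(text):
    """Yield (KEYWORD, args), joining backslash-continued lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        keyword, *rest = (pending + line).split(None, 1)
        pending = ""
        yield keyword.upper(), rest[0] if rest else ""

def final_stage_user(text):
    """USER in effect at the end of the final build stage, else None."""
    stages, name, user = {}, None, None
    for keyword, args in instructions(text):
        if keyword == "FROM":
            if name:
                stages[name] = user  # what the named stage ended with
            parts = [p for p in args.split() if not p.startswith("--")]
            # FROM <earlier stage> inherits that stage's USER
            user = stages.get(parts[0].lower()) if parts else None
            name = parts[2].lower() if len(parts) == 3 and parts[1].upper() == "AS" else None
        elif keyword == "USER":
            user = args
    return user

def needs_workaround(version, dockerfile):
    """Affected engine and a USER instruction governing the final image."""
    return engine_is_affected(version) and final_stage_user(dockerfile) is not None

# Constructed sample Dockerfile (not from the advisory).
SAMPLE = """FROM golang:1.19 AS build
USER root
FROM alpine:3.16
USER appuser
"""
```

The version string can be taken from `docker version --format '{{.Server.Version}}'`; distribution packages may carry a backported fix under an older version number, so confirm those against the vendor advisory.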

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2593
ALT-PU-2022-3198
ALT-PU-2024-13162
BDU:2022-05641
CVE-2022-36109
GHSA-4WJJ-JWC9-2X96
GHSA-RC4R-WH2Q-Q6C4
GO-2022-0985
GO-2022-1008
GO-2023-1574
MGASA-2023-0009
OESA-2022-1936
OPENSUSE-SU-2024:12790-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2023:0795-1
SUSE-SU-2023:0795-2
SUSE-SU-2023:1625-1
SUSE-SU-2023_0795-1
SUSE-SU-2023_1625-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1

Affected Products

Alt Linux
Astra Linux
Debian
Docker
Moby
Suse