CVE-2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Configurations

Configuration 1

OR cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*
cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*

Configuration 2

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

History

14 May 2022, 03:15

Type Values Removed Values Added
References
  • Added: (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ -

11 May 2022, 14:52

Type Values Removed Values Added
References
  • Removed: (MISC) https://github.com/containers/podman/issues/10941 -
  • Added: (MISC) https://github.com/containers/podman/issues/10941 - Exploit, Issue Tracking, Third Party Advisory
References
  • Removed: (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2070368 -
  • Added: (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2070368 - Issue Tracking, Third Party Advisory
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : 6.8, v3 : 8.8
CPE (added)
  • cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*
  • cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
First Time (added)
  • Podman Project
  • Podman Project podman
  • Redhat
  • Redhat quay
  • Redhat openshift Container Platform
  • Redhat enterprise Linux
  • Psgo Project
  • Psgo Project psgo
CWE
  • Added: CWE-269

29 Apr 2022, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-29 16:15

Updated : 2022-05-14 03:15


NVD link : CVE-2022-1227

Mitre link : CVE-2022-1227



Products Affected

redhat

  • quay
  • openshift_container_platform
  • enterprise_linux

podman_project

  • podman

psgo_project

  • psgo

CWE

CWE-269: Improper Privilege Management