A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2070368 | Issue Tracking Third Party Advisory |
https://github.com/containers/podman/issues/10941 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ |
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | | |
23 Jul 2022, 10:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Redhat enterprise Linux Eus Redhat enterprise Linux Workstation Fedoraproject fedora Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Server Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Little Endian Redhat developer Tools Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Tus |
14 May 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
11 May 2022, 14:52
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/containers/podman/issues/10941 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2070368 - Issue Tracking, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 6.8 v3 : 8.8 |
CPE | cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:* cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
First Time |
Podman Project
Podman Project podman Redhat Redhat quay Redhat openshift Container Platform Redhat enterprise Linux Psgo Project Psgo Project psgo |
|
CWE | CWE-269 |
29 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-29 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1227
Mitre link : CVE-2022-1227
CVE.ORG link : CVE-2022-1227
Products Affected
psgo_project
- psgo
redhat
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_server_tus
- quay
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- developer_tools
- openshift_container_platform
- enterprise_linux_eus
- enterprise_linux_for_power_little_endian
fedoraproject
- fedora
podman_project
- podman