Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-1227

Опубликовано: 29 апр. 2022
Источник: debian
EPSS Средний

Описание

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libpodfixed3.4.7+ds1-1package
libpodfixed3.0.1+dfsg1-3+deb11u2bullseyepackage
golang-github-containers-psgofixed1.7.1+ds1-1package
golang-github-containers-psgofixed1.5.2-1+deb11u1bullseyepackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2070368

  • https://github.com/containers/psgo/pull/92

  • https://github.com/containers/psgo/commit/d9467da9f563a9de1ece79dcae86b37b1db75443 (v1.7.2)

EPSS

Процентиль: 97%
0.32935
Средний

Связанные уязвимости

ubuntu логотип

CVE-2022-1227

CVSS3: 8.8
ubuntu
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

redhat логотип

CVE-2022-1227

CVSS3: 8
redhat
почти 4 года назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

nvd логотип

CVE-2022-1227

CVSS3: 8.8
nvd
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

msrc логотип

CVE-2022-1227

CVSS3: 8.8
msrc
около 3 лет назад

Описание отсутствует

rocky логотип

RLSA-2022:2143

rocky
около 3 лет назад

Important: container-tools:3.0 security update

EPSS

Процентиль: 97%
0.32935
Средний