Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-6032

Опубликовано: 24 июн. 2025
Источник: debian

Описание

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
podmanfixed5.4.2+ds1-2package
libpodremovedpackage
libpodnot-affectedbookwormpackage
libpodnot-affectedbullseyepackage

Примечания

  • https://github.com/advisories/GHSA-65gg-3w2w-hr4h

  • Fixed by: https://github.com/containers/podman/commit/726b506acc8a00d99f1a3a1357ecf619a1f798c3 (main)

  • Fixed by: https://github.com/containers/podman/commit/1569c209829530b1f42e8c2fce851de8003ab3fe (v5.5.2)

Связанные уязвимости

ubuntu логотип

CVE-2025-6032

CVSS3: 8.3
ubuntu
7 месяцев назад

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

redhat логотип

CVE-2025-6032

CVSS3: 8.3
redhat
7 месяцев назад

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

nvd логотип

CVE-2025-6032

CVSS3: 8.3
nvd
7 месяцев назад

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

msrc логотип

CVE-2025-6032

msrc
5 месяцев назад

Podman: podman missing tls verification

suse-cvrf логотип

SUSE-SU-2025:02808-1

suse-cvrf
5 месяцев назад

Security update for podman