CVE-2018-10856

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 5.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

Ссылки

https://access.redhat.com/errata/RHSA-2018:2037
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856
Issue Tracking
Third Party Advisory
https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2037
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856
Issue Tracking
Third Party Advisory
https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libpod_project:libpod:*:*:*:*:*:*:*:*

Версия до 0.6.1 (исключая)

EPSS

Процентиль: 44%

0.00216

Низкий

5.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-250

CWE-732

Связанные уязвимости

CVE-2018-10856

CVSS3: 5.3

redhat

больше 7 лет назад

CVE-2018-10856

CVSS3: 5.3

debian

больше 7 лет назад

It has been discovered that podman before version 0.6.1 does not drop ...

GHSA-wp7w-vx86-vj9h

CVSS3: 8.8

github

больше 3 лет назад

Podman Elevated Container Privileges

EPSS

Процентиль: 44%

0.00216

Низкий

5.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-250

CWE-732