Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1227

Опубликовано: 29 апр. 2022
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Средний

Описание

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*
Версия до 4.0.0 (исключая)
cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*
Версия до 1.7.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.32935
Средний

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-281
CWE-269

Связанные уязвимости

ubuntu логотип

CVE-2022-1227

CVSS3: 8.8
ubuntu
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

redhat логотип

CVE-2022-1227

CVSS3: 8
redhat
почти 4 года назад

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

msrc логотип

CVE-2022-1227

CVSS3: 8.8
msrc
около 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-1227

CVSS3: 8.8
debian
около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an a ...

rocky логотип

RLSA-2022:2143

rocky
около 3 лет назад

Important: container-tools:3.0 security update

EPSS

Процентиль: 97%
0.32935
Средний

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-281
CWE-269