Описание
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The isAccessAllowed() function unconditionally returns true, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.
Уязвимые конфигурации
EPSS
7.1 High
CVSS3
Дефекты
Связанные уязвимости
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.
Podman Desktop is a graphical tool for developing on containers and Ku ...
Уязвимость функции isAccessAllowed() программного средства управления и запуска OCI-контейнеров Podman, позволяющая нарушителю обойти существующие ограничения безопасности и получить несанкционированный доступ к защищаемой информации
EPSS
7.1 High
CVSS3