CVE-2022-1227

Опубликовано: 15 июл. 2021

Источник: redhat

CVSS3: 8

Описание

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 8	container-tools:2.0/podman	Affected
Red Hat Enterprise Linux 8	container-tools:4.0/conmon	Not affected
Red Hat Enterprise Linux 8	container-tools:4.0/podman	Not affected
Red Hat Enterprise Linux 9	conmon	Not affected
Red Hat Enterprise Linux 9	podman	Not affected
Red Hat OpenShift Container Platform 4	cri-o	Under investigation
Red Hat OpenShift Container Platform 4	openshift4/cnf-tests-rhel8	Affected
Red Hat OpenShift Container Platform 4	openshift4/file-integrity-rhel8-operator	Affected
Red Hat OpenShift Container Platform 4	openshift4/ose-machine-config-operator	Not affected
Red Hat Quay 3	quay/quay-builder-rhel8	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-281

https://bugzilla.redhat.com/show_bug.cgi?id=2070368psgo: Privilege escalation in 'podman top'

8 High

CVSS3

Связанные уязвимости

CVE-2022-1227

CVSS3: 8.8

ubuntu

около 3 лет назад

CVE-2022-1227

CVSS3: 8.8

nvd

около 3 лет назад

CVE-2022-1227

CVSS3: 8.8

msrc

около 3 лет назад

Описание отсутствует

CVE-2022-1227

CVSS3: 8.8

debian

около 3 лет назад

A privilege escalation flaw was found in Podman. This flaw allows an a ...

RLSA-2022:2143

rocky

около 3 лет назад

Important: container-tools:3.0 security update

8 High

CVSS3