Description
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 7 | podman | Out of support scope | | |
Red Hat Enterprise Linux 8 | container-tools:3.0/podman | Not affected | | |
Red Hat Enterprise Linux 9 | podman | Affected | | |
Red Hat OpenShift Container Platform 3.11 | podman | Out of support scope | | |
Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2023:2758 | 16.05.2023 |
Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2023:2802 | 16.05.2023 |
Red Hat OpenShift Container Platform 4.13 | podman | Fixed | RHSA-2023:1325 | 18.05.2023 |
Additional information
Status:
EPSS
6.8 Medium
CVSS3