Latest libpod project libpod Vulnerabilities

CVE-2020-1726
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious containe...
redhat/podman<0:1.6.4-7.el8
Libpod Project Libpod=1.6.0
Redhat Openshift Container Platform=4.3
Redhat Enterprise Linux=8.0
CVE-2019-18466
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. ...
go/github.com/containers/podman/v4<1.6.0
redhat/podman<0:1.6.4-16.el7_8
Libpod Project Libpod<1.6.0
CVE-2019-10152
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbi...
Libpod Project Libpod<1.4.0
openSUSE Leap=15.1
CVE-2019-10214
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections t...
go/github.com/containers/image<3.0.0
redhat/containers-image<3.0.0
redhat/atomic-openshift<0:3.10.175-1.git.0.f9f0e81.el7
redhat/cri-o<0:1.10.6-2.rhaos3.10.git56d7d9a.el7
redhat/cri-o<0:1.11.16-0.2.dev.rhaos3.11.git3f89eba.el7
redhat/cri-o<0:1.9.16-5.git858756d.el7
and 7 more
CVE-2018-10856
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
redhat/podman<0.6.1
Libpod Project Libpod<0.6.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203