CVE-2019-25067: Podman/Varlink API Privilege Escalation
First published: Thu Jun 09 2022(Updated: )
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Podman Project Podman | =1.5.1 | |
| Varlink Varlink | =1.5.1 | |
| =1.5.1 | ||
| =1.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-25067?
The severity of CVE-2019-25067 is classified as critical.
What software is affected by CVE-2019-25067?
Podman 1.5.1 and Varlink 1.5.1 are affected by CVE-2019-25067.
What is the vulnerability type of CVE-2019-25067?
CVE-2019-25067 is classified as a Privilege Escalation vulnerability.
Can the attack be initiated remotely?
Yes, the attack can be initiated remotely.
How severe is the vulnerability?
The severity of CVE-2019-25067 is high, with a CVSS score of 8.8.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/softwarecombine
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/author
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/podman project
- canonical/podman project podman
- version/podman project podman/1.5.1
- vendor/varlink
- canonical/varlink varlink
- version/varlink varlink/1.5.1