First published: Thu Jul 15 2021(Updated: )
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/podman | <0:1.6.4-32.el7_9 | 0:1.6.4-32.el7_9 |
redhat/podman | <0:1.9.3-5.rhaos4.6.el8 | 0:1.9.3-5.rhaos4.6.el8 |
Podman Project Podman | <4.0.0 | |
Psgo Project Psgo | <1.7.2 | |
Redhat Developer Tools | =1.0 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.6 | |
Redhat Openshift Container Platform | =4.0 | |
Redhat Quay | =3.0.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux For Ibm Z Systems | =7.0 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.6 | |
Redhat Enterprise Linux For Power Little Endian | =7.0 | |
Redhat Enterprise Linux For Power Little Endian | =8.6 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =8.6 | |
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.6 | |
Redhat Enterprise Linux Server Tus | =8.6 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
redhat/podman | <4.0 | 4.0 |
redhat/psgo | <1.7.2 | 1.7.2 |
go/github.com/containers/podman/v3 | <3.4 | 3.4 |
go/github.com/containers/psgo | <1.7.2 | 1.7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID for this flaw in Podman is CVE-2022-1227.
CVE-2022-1227 has a severity rating of 8.8 (high).
CVE-2022-1227 allows an attacker to publish a malicious image to a public registry in Podman, leading to privilege escalation.
Podman versions 0:1.6.4-32.el7_9 through 3.4 and psgo versions up to 1.7.2 are affected by CVE-2022-1227.
You can find more information about CVE-2022-1227 at the following references: [1] [2] [3]