Latest Podman Project Podman Vulnerabilities

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access...
redhat/podman<3:4.4.1-3.rhaos4.13.el9
Podman Project Podman
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/podman<4.4.2
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
go/github.com/containers/podman/v4>=4.1.0-rc1<=4.4.1
Podman Project Podman=4.1.0
Podman Project Podman=4.1.0-rc1
Podman Project Podman=4.1.0-rc2
Podman Project Podman=4.1.1
Podman Project Podman=4.2.0
and 8 more
#1 "podman build ..." follows symlinks when reading .containerignore and .dockerignore. We've received this potential security issue with Podman, and although not said, it's really in Buildah. I've ask...
Podman Project Podman=4.3.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
go/github.com/containers/podman/v4<4.5.0
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to th...
redhat/buildah<1:1.27.0-2.el9
redhat/podman<2:4.2.0-7.el9_1
Podman Project Podman
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=7.0
and 6 more
The podman packages version podman-1.6.4-32.el7_9 as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 (https://access.redhat.com/errata/RHSA-2022:2190)...
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
Podman Project Podman=1.6.4-32.el7_9
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixe...
redhat/podman<0:1.6.4-36.el7_9
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
Podman Project Podman=1.6.4-32.el7_9
Podman/Varlink API Privilege Escalation
Podman Project Podman=1.5.1
Varlink Varlink=1.5.1
=1.5.1
=1.5.1
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly w...
Podman Project Podman<4.0.3
Redhat Developer Tools=1.0
Redhat Openshift Container Platform=4.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.6
Redhat Enterprise Linux Eus=8.4
and 18 more
A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` AP...
redhat/podman<2:4.2.0-3.el9
redhat/podman<3.4.3
Podman Project Podman>=3.3.0<3.4.3
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Redhat Enterprise Linux=8.0
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image ...
go/github.com/containers/podman/v3<3.4
go/github.com/containers/psgo/internal/proc<1.7.2
go/github.com/containers/psgo<1.7.2
Podman Project Podman<4.0.0
Psgo Project Psgo<1.7.2
Redhat Developer Tools=1.0
and 19 more
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the co...
redhat/podman<1.7.0
Podman Project Podman<1.7.0
Redhat Openshift Container Platform=3.11
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) co...
go/github.com/containers/podman/v3<3.0.0
redhat/podman<3.0
redhat/podman<2:4.2.0-3.el9
Podman Project Podman>=1.8.0<3.0.0
A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the envi...
redhat/podman<0:1.6.4-26.el7_9
redhat/podman<0:1.9.3-3.rhaos4.6.el8
Podman Project Podman<2.0.5
Redhat Openshift Container Platform=4.6
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
and 5 more
