MidnightBSD

Advisories for podman_project

CVE-2019-25067 MEDIUM

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
podman_project podman 1.5.1
varlink varlink 1.5.1
CVE-2020-14370 MEDIUM

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-212,CWE-212,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
fedoraproject fedora 31
fedoraproject fedora 33
redhat enterprise_linux 8.0
fedoraproject fedora 32
redhat openshift_container_platform 4.6
podman_project podman *
CVE-2021-20188 MEDIUM

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
redhat openshift_container_platform 3.11
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
podman_project podman *
CVE-2021-20199 MEDIUM

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,

Products Affected

Vendor Product Version
podman_project podman *
CVE-2021-4024 MEDIUM

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,CWE-346,

Products Affected

Vendor Product Version
fedoraproject fedora 34
fedoraproject fedora 35
redhat enterprise_linux 8.0
podman_project podman *
CVE-2022-1227 MEDIUM

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,CWE-269,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_ibm_z_systems 8.6
redhat developer_tools 1.0
fedoraproject fedora 34
psgo_project psgo *
redhat enterprise_linux 8.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_for_power_little_endian 8.6
redhat quay 3.0.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 7.0
fedoraproject fedora 35
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
podman_project podman *
redhat enterprise_linux_eus 8.6
CVE-2022-2738

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
podman_project podman 1.6.4-32.el7_9
redhat enterprise_linux_workstation 7.0
CVE-2022-2739

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
podman_project podman 1.6.4-32.el7_9
redhat enterprise_linux_workstation 7.0
CVE-2022-27649 MEDIUM

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_ibm_z_systems 8.6
redhat enterprise_linux 8.0
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat openshift_container_platform 4.0
fedoraproject fedora 35
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.6
redhat developer_tools 1.0
fedoraproject fedora 34
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
fedoraproject fedora 36
redhat enterprise_linux_for_ibm_z_systems_eus 8.6
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux 8.6
podman_project podman *
redhat enterprise_linux_eus 8.6
CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
redhat openshift_container_platform 3.11
redhat openshift_container_platform 4.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
podman_project podman *
redhat enterprise_linux 9.0
CVE-2022-4122

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

Products Affected

Vendor Product Version
podman_project podman 4.3.0
fedoraproject fedora 36
fedoraproject fedora 35
fedoraproject fedora 37
CVE-2022-4123

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

Products Affected

Vendor Product Version
podman_project podman 4.3.0
fedoraproject fedora 36
podman_project podman 4.2.1
fedoraproject fedora 35
podman_project podman 4.1.1
podman_project podman 4.1.0
fedoraproject fedora 37
podman_project podman 4.2.0
CVE-2023-0778

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
podman_project podman -
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
CVE-2024-3056

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 40
redhat openshift_container_platform 4.0
redhat enterprise_linux 8.0
podman_project podman *
redhat enterprise_linux 9.0