A privilege escalation flaw was found in Podman. An attacker can exploit this flaw by publishing a malicious image to a public registry. Once a potential victim downloads this image, the vulnerability is triggered when the user runs the 'podman top' command. This gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-281, CWE-269
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| podman_project | podman | * |
| redhat | enterprise_linux_for_power_little_endian | 8.6 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | quay | 3.0.0 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 34 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
| redhat | developer_tools | 1.0 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.6 |
| psgo_project | psgo | * |