MidnightBSD

Advisories for psgo_project

CVE-2022-1227 MEDIUM

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281, CWE-269

Products Affected

Vendor Product Version
fedoraproject fedora 35
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_workstation 7.0
podman_project podman *
redhat enterprise_linux_for_power_little_endian 8.6
redhat enterprise_linux_server 7.0
redhat quay 3.0.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux 8.0
fedoraproject fedora 34
redhat enterprise_linux_server_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux 7.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat developer_tools 1.0
redhat enterprise_linux_server_aus 8.6
redhat openshift_container_platform 4.0
redhat enterprise_linux_for_ibm_z_systems 8.6
psgo_project psgo *