CVE-2020-1726
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The | podman | from 1.6.0 onwards | affected |
Weaknesses
- CWE-552: CWE-552
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726
- https://access.redhat.com/errata/RHSA-2020:0680
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726
- https://access.redhat.com/errata/RHSA-2020:0680
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.