CVE-2022-1227
N/A
N/A
Summary
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | psgo | podman 4.0, psgo 1.7.2 | affected |
Weaknesses
- CWE-281: CWE-281
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2070368
- https://github.com/containers/podman/issues/10941
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
- https://security.netapp.com/advisory/ntap-20240628-0001/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2070368
- https://github.com/containers/podman/issues/10941
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
- https://security.netapp.com/advisory/ntap-20240628-0001/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.