A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2070368 | Issue Tracking Third Party Advisory |
https://github.com/containers/podman/issues/10941 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-04-29T15:45:00
Updated: 2024-06-28T16:06:02.042339
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-1227
JSON object: View
NVD Information
Status : Modified
Published: 2022-04-29T16:15:08.753
Modified: 2023-11-07T03:41:49.707
Link: CVE-2022-1227
JSON object: View
Redhat Information
No data.