CVE-2020-1726

A flaw was discovered in Podman where it incorrectly allows containers, when created, to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.9 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |

EPSS Score
Percentile: 63%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| libpod_project | libpod | 1.6.0 |
| redhat | openshift_container_platform | 4.3 |
| redhat | enterprise_linux | 8.0 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libpod | bookworm | 4.3.1+ds1-8+deb12u1 | fixed |
| libpod | bullseye | 3.0.1+dfsg1-3+deb11u5 | fixed |
| libpod | sid | 5.2.2+ds1-2 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| podman | bionic | dne |
| podman | eoan | dne |
| podman | trusty | dne |
| podman | xenial | dne |

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| conmon | suse enterprise sap 15 SP1 | 2.0.20-3.6.1 | fixed |
| conmon | suse enterprise sap 15 SP2 | 2.0.20-3.6.1 | fixed |
| conmon | suse enterprise sap 15 SP3 | 2.0.20-3.6.1 | fixed |
| conmon | suse enterprise server 15 SP1 | 2.0.20-3.6.1 | fixed |
| conmon | suse enterprise server 15 SP2 | 2.0.20-3.6.1 | fixed |
| conmon | suse enterprise server 15 SP3 | 2.0.20-3.6.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP1 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP2 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP3 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP4 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP5 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP6 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise sap 15 SP7 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP1 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP2 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP3 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP4 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP5 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP6 | 1.1.2-3.9.1 | fixed |
| fuse-overlayfs | suse enterprise server 15 SP7 | 1.1.2-3.9.1 | fixed |
| podman | suse enterprise sap 15 SP1 | 2.0.6-4.25.1 | fixed |
| podman | suse enterprise sap 15 SP2 | 2.0.6-4.25.1 | fixed |
| podman | suse enterprise sap 15 SP3 | 2.0.6-4.25.1 | fixed |
| podman | suse enterprise sap 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman | suse enterprise sap 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman | suse enterprise sap 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podman | suse enterprise sap 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podman | suse enterprise server 15 SP1 | 2.0.6-4.25.1 | fixed |
| podman | suse enterprise server 15 SP2 | 2.0.6-4.25.1 | fixed |
| podman | suse enterprise server 15 SP3 | 2.0.6-4.25.1 | fixed |
| podman | suse enterprise server 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman | suse enterprise server 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman | suse enterprise server 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podman | suse enterprise server 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podman-cni-config | suse enterprise sap 15 SP1 | 2.0.6-4.25.1 | fixed |
| podman-cni-config | suse enterprise sap 15 SP2 | 2.0.6-4.25.1 | fixed |
| podman-cni-config | suse enterprise sap 15 SP3 | 2.0.6-4.25.1 | fixed |
| podman-cni-config | suse enterprise sap 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman-cni-config | suse enterprise sap 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman-cni-config | suse enterprise server 15 SP1 | 2.0.6-4.25.1 | fixed |
| podman-cni-config | suse enterprise server 15 SP2 | 2.0.6-4.25.1 | fixed |
| podman-cni-config | suse enterprise server 15 SP3 | 2.0.6-4.25.1 | fixed |
| podman-cni-config | suse enterprise server 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman-cni-config | suse enterprise server 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman-docker | suse enterprise sap 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman-docker | suse enterprise sap 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman-docker | suse enterprise sap 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podman-docker | suse enterprise sap 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podman-docker | suse enterprise server 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman-docker | suse enterprise server 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman-docker | suse enterprise server 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podman-docker | suse enterprise server 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podman-remote | suse enterprise sap 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman-remote | suse enterprise sap 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman-remote | suse enterprise sap 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podman-remote | suse enterprise sap 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podman-remote | suse enterprise server 15 SP4 | 3.4.4-150400.2.14 | fixed |
| podman-remote | suse enterprise server 15 SP5 | 4.4.4-150500.1.4 | fixed |
| podman-remote | suse enterprise server 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podman-remote | suse enterprise server 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podmansh | suse enterprise sap 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podmansh | suse enterprise sap 15 SP7 | 4.9.5-150500.3.40.1 | fixed |
| podmansh | suse enterprise server 15 SP6 | 4.8.3-150500.3.9.1 | fixed |
| podmansh | suse enterprise server 15 SP7 | 4.9.5-150500.3.40.1 | fixed |