CVE-2022-1227
29.04.2022, 16:15
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Vendor | Product | Version |
---|---|---|
podman_project | podman | 𝑥 < 4.0.0 |
psgo_project | psgo | 𝑥 < 1.7.2 |
redhat | developer_tools | 1.0 |
redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.6 |
redhat | openshift_container_platform | 4.0 |
redhat | quay | 3.0.0 |
redhat | enterprise_linux | 7.0 |
redhat | enterprise_linux | 8.0 |
redhat | enterprise_linux_eus | 8.6 |
redhat | enterprise_linux_for_ibm_z_systems | 7.0 |
redhat | enterprise_linux_for_ibm_z_systems | 8.6 |
redhat | enterprise_linux_for_power_little_endian | 7.0 |
redhat | enterprise_linux_for_power_little_endian | 8.6 |
redhat | enterprise_linux_server | 7.0 |
redhat | enterprise_linux_server_aus | 8.6 |
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
redhat | enterprise_linux_server_tus | 8.6 |
redhat | enterprise_linux_workstation | 7.0 |
𝑥 = Vulnerable software versions

Common Weakness Enumeration
- CWE-281 - Improper Preservation of Permissions: The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.