History: Mar 27, 2023 - 12:00 a.m.

CVE-2023-0778

2023-03-27 00:00:00
CWE-367
redhat
www.cve.org
cve-2023-0778
toctou flaw
podman
symlink attack
host file system

AI Score: 7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 27.6%)

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "podman",
    "versions": [
      {
        "version": "unknown",
        "status": "affected"
      }
    ]
  }
]