An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

🗓️ 17 Sep 2022 00:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 2 Views

Podman supplementary groups mismanagement can leak or modify data when an attacker executes code in the container.

Reporter	Title	Published	Views	Family All 126
Tenable Nessus	Alibaba Cloud Linux 3 : 0050: container-tools:rhel8 (ALINUX3-SA-2024:0050)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7822)	14 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : buildah (ALSA-2022:8008)	19 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 9 : podman (ALSA-2022:8431)	18 Nov 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : container-tools:4.0 (ALSA-2023:2802)	19 May 202300:00	–	nessus
Tenable Nessus	CentOS 8 : container-tools:rhel8 (CESA-2022:7822)	8 Nov 202200:00	–	nessus
Tenable Nessus	CentOS 8 : container-tools:4.0 (CESA-2023:2802)	16 May 202300:00	–	nessus
Tenable Nessus	GLSA-202407-12 : podman: Multiple Vulnerabilities	5 Jul 202400:00	–	nessus
Tenable Nessus	MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-4470:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : container-tools, python-podman-4.2.0-1.el9, toolbox-0.0.99.3-5.el9 (AXSA:2023-5056:01)	20 Jan 202600:00	–	nessus

25 May 2023 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.17.1

EPSS0.00298

SSVC

Podman supplementary groups sensitive data disclosure data modification attacker container access code execution container permission handling