Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20230710-01
HistoryJul 10, 2023 - 12:00 a.m.

ROS-20230710-01

2023-07-1000:00:00
redos.red-soft.ru
9

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.9%

JSON

A vulnerability in Podman software is related to a type mixing error. Exploitation of the vulnerability
could allow an attacker acting remotely to send specially crafted data to the application,
cause a type-mixing error, and reinterpret the resulting content differently.

The Podman software vulnerability involves a race condition where an attacker can
replace a regular file in a volume with a symbolic link when exporting the volume. Exploitation of the vulnerability could
allow an attacker acting remotely to access arbitrary files in the file system of a
of the host.

The vulnerability in the Podman software is related to redundant data output by the application in the function
“podman machine.” Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to sensitive information on the system.

A vulnerability in the Podman software is associated with a redundant set of inherited capabilities.
Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions and privilege escalation.
security restrictions and privilege escalation.

The vulnerability in the Podman software is due to improper privilege management when running the
podman top in a container created from a malicious image and using the namespace of the
user namespace. Exploitation of the vulnerability could allow an attacker acting remotely to cause a
disclosure of information or denial of service.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64podman<= 4.4.1-1UNKNOWN

Related

altlinux 3
nessus 41
redhat 11
openvas 37
fedora 20
ubuntucve 5
cve 5
osv 19
almalinux 4
prion 5
cbl_mariner 2
veracode 5
github 5
mageia 3
suse 5
amazon 1
redhatcve 5
debiancve 4
alpinelinux 5
oraclelinux 4
ibm 3
rocky 4
githubexploit 2
cnvd 1
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 3.4.3-alt1
2021-12-08 00:00:00
Security fix for the ALT Linux 10 package podman version 4.0.3-alt1
2022-04-08 00:00:00
Security fix for the ALT Linux 10 package podman version 4.4.2-alt1
2023-03-22 00:00:00
nessus
nessus
SUSE SLES15 Security Update : podman (SUSE-SU-2023:0326-1)
2023-02-14 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2023:0187-1)
2023-01-28 00:00:00
RHEL 8 : container-tools:3.0 (RHSA-2022:4816)
2022-05-31 00:00:00
redhat
redhat
(RHSA-2022:4651) Important: container-tools:2.0 security update
2022-05-18 12:25:20
(RHSA-2022:4816) Important: container-tools:3.0 security update
2022-05-31 09:59:42
(RHSA-2022:1762) Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0187-1)
2023-01-30 00:00:00
Fedora: Security Advisory for podman (FEDORA-2022-c87047f163)
2022-04-30 00:00:00
Fedora: Security Advisory for podman (FEDORA-2022-5e637f6cc6)
2022-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: podman-3.4.7-1.fc34
2022-05-14 01:24:16
[SECURITY] Fedora 35 Update: podman-3.4.7-1.fc35
2022-04-29 07:11:23
[SECURITY] Fedora 35 Update: golang-github-containerd-ttrpc-1.1.0-1.fc35
2021-12-01 01:21:43
ubuntucve
ubuntucve
CVE-2022-27649
2022-04-04 00:00:00
CVE-2021-41190
2021-11-17 00:00:00
CVE-2021-4024
2021-12-23 00:00:00
cve
cve
CVE-2022-27649
2022-04-04 20:15:00
CVE-2021-41190
2021-11-17 20:15:00
CVE-2021-4024
2021-12-23 20:15:00
osv
osv
Podman's default inheritable capabilities for linux container not empty
2022-04-01 20:52:29
CVE-2022-27649
2022-04-04 20:15:10
Clarify Content-Type handling
2021-11-18 16:13:08
almalinux
almalinux
Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 00:00:00
Important: container-tools:3.0 security update
2022-05-10 14:59:29
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
prion
prion
Default credentials
2022-04-04 20:15:00
Design/Logic Flaw
2021-11-17 20:15:00
Open redirect
2021-12-23 20:15:00
cbl_mariner
cbl_mariner
CVE-2022-27649 affecting package podman 2.2.1-5
2022-08-03 21:00:10
CVE-2022-1227 affecting package podman 2.2.1-5
2022-08-03 21:00:10
veracode
veracode
Denial Of Service (DoS)
2022-04-02 08:56:27
Incorrect Content-type Handling
2021-11-18 06:30:58
Denial Of Service (DoS)
2022-04-21 17:05:02
github
github
Podman's default inheritable capabilities for linux container not empty
2022-04-01 20:52:29
Clarify Content-Type handling
2021-11-18 16:13:08
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
2022-01-06 21:12:50
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45
Updated docker-containerd packages fix security vulnerability
2021-12-02 19:49:28
Updated singularity packages fix security vulnerability
2022-01-06 01:45:33
suse
suse
Security update for singularity (moderate)
2021-12-04 00:00:00
Security update for conmon, libcontainers-common, libseccomp, podman (moderate)
2022-03-04 00:00:00
Security update for podman (important)
2022-09-01 00:00:00
amazon
amazon
Medium: containerd, docker
2021-11-17 15:38:00
redhatcve
redhatcve
CVE-2021-41190
2021-11-19 15:20:21
CVE-2021-4024
2021-11-26 14:19:57
CVE-2022-1227
2022-04-04 11:49:31
debiancve
debiancve
CVE-2022-27649
2022-04-04 20:15:00
CVE-2021-4024
2021-12-23 20:15:00
CVE-2022-1227
2022-04-29 16:15:00
alpinelinux
alpinelinux
CVE-2022-27649
2022-04-04 20:15:00
CVE-2021-41190
2021-11-17 20:15:00
CVE-2021-4024
2021-12-23 20:15:00
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2022-05-17 00:00:00
container-tools:3.0 security update
2022-05-19 00:00:00
container-tools:2.0 security update
2022-04-28 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2021-41190)
2021-12-14 14:50:20
Security Bulletin: IBM CICS TX Standard is vulnerable to an Open Container Initiative Distribution Specification vulnerability (CVE-2021-41190).
2023-02-14 21:14:53
Security Bulletin: IBM CICS TX Advanced is vulnerable to an Open Container Initiative Distribution Specification vulnerability (CVE-2021-41190).
2023-02-14 21:04:36
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
container-tools:3.0 security update
2022-05-10 14:59:29
container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
githubexploit
githubexploit
Exploit for Improper Privilege Management in Podman Project Podman
2023-04-01 07:28:15
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Podman Project Podman
2022-01-27 16:28:56
cnvd
cnvd
Podman lifting vulnerability
2022-04-24 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.9%

JSON
Related for ROS-20230710-01
altlinux3nessus41redhat11openvas37fedora20ubuntucve5cve5osv19almalinux4prion5cbl_mariner2veracode5github5mageia3suse5amazon1redhatcve5debiancve4alpinelinux5oraclelinux4ibm3rocky4githubexploit2cnvd1