Podman: podman kube play command may overwrite host files

...

Linux Distros Unpatched Vulnerability : CVE-2025-9566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap...

SUSE CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

AZL-67049 CVE-2025-9566 affecting package podman 5.6.1-7

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

AZL-67046 CVE-2025-9566 affecting package podman 4.1.1-26

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

DEBIAN-CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

UBUNTU-CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566 Podman: podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

Malicious code in google-play-card-balance432 (npm)

The package google-play-card-balance432 was found to contain malicious code...

MAL-2025-44451 Malicious code in google-play-card-balance432 (npm)

The package google-play-card-balance432 was found to contain malicious code...

MAL-2025-44452 Malicious code in google-play-card-redeem992 (npm)

The package google-play-card-redeem992 was found to contain malicious code...

Malicious code in google-play-card-balance353 (npm)

The package google-play-card-balance353 was found to contain malicious code...

Malicious code in google-play-card-redeem992 (npm)

The package google-play-card-redeem992 was found to contain malicious code...

MAL-2025-44450 Malicious code in google-play-card-balance353 (npm)

The package google-play-card-balance353 was found to contain malicious code...

Podman 路径遍历漏洞

Podman is a Podman open source engine for developing, managing and running OCI containers on Linux systems. Podman suffers from a path traversal vulnerability that stems from the fact that the kube play command may be used to overwrite a host file, potentially resulting in the file being...

GHSA-WP3J-XQ48-XPJW podman kube play symlink traversal vulnerability

Impact The podman kube play command can overwrite host files when the kube file contains a ConfigMap or Secret volume mount and the volume already contains a symlink to a host file. This allows a malicious container to write to arbitrary files on the host BUT the attacker only controls the target...