5 matches found
CVE-2019-10214
CVE-2019-10214 affects the containers/image library used by Podman, Buildah and Skopeo on Red Hat Enterprise Linux 8 and OpenShift Container Platform (CRI-O). The root cause is that TLS connections to the container registry authorization service are not enforced, enabling a potential MiTM attack ...
CVE-2020-1726
CVE-2020-1726 describes a Podman flaw where containers created with an attached volume could overwrite files in the volume, even when mounted read-only. The issue, introduced in version 1.6.0, occurs when running a malicious container or image whose volume is used for the first time, enabling tar...
CVE-2019-18466
Podman libpod before 1.6.0 is affected by CVE-2019-18466. A symlink in the host context is resolved during a container-to-host copy due to an undesired glob, enabling a container image containing specific symlinks to overwrite host files when copied by a victim. Impact is local, with potential fi...
CVE-2019-10152
CVE-2019-10152 is a path traversal vulnerability in Podman, where improper handling of symlinks inside containers (pre-1.4.0) allowed an attacker who had already compromised a container to read/write host files when copying between container and host. Multiple sources (GHSA advisory, openSUSE/S...
CVE-2018-10856
CVE-2018-10856 affects Podman prior to 0.6.1, where capabilities are not dropped when running a container as non-root, allowing unnecessary privileges. This is supported by multiple connected advisories (e.g., RHSA-2018:2037, GHSA-WP7W-VX86-VJ9H, OpenVAS feeds, and Fedora updates). Impa...