CVE-2019-18466
Podman libpod before 1.6.0 is affected by CVE-2019-18466. A symlink in the host context is resolved during a container-to-host copy due to an undesired glob, enabling a container image containing specific symlinks to overwrite host files when copied by a victim. Impact is local, with potential fi...
CVE-2019-10152
CVE-2019-10152 is a path traversal vulnerability in podman, where improper handling of symlinks inside containers (pre-1.4.0) allowed an attacker who had already compromised a container to cause reads and writes of host files when copying between container and host. Multiple sources (GHSA advisory, openSUSE/S...
CVE-2018-10856
The CVE-2018-10856 issue affects podman prior to 0.6.1, where capabilities are not dropped when running a container as non-root, allowing unnecessary privileges. This is supported by multiple connected advisories (e.g., RHSA-2018:2037, GHSA-WP7W-VX86-VJ9H, OpenVAS feeds, and Fedora updates). Impa...