Lucene search

K

5 matches found

CVE
CVE
added 2022/04/29 4:15 p.m.359 views

CVE-2022-1227

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to t...

8.8CVSS8.3AI score0.34745EPSS
CVE
CVE
added 2020/09/23 1:15 p.m.330 views

CVE-2020-14370

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into s...

5.3CVSS5AI score0.00115EPSS
CVE
CVE
added 2022/09/13 2:15 p.m.307 views

CVE-2022-2989

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to e...

7.1CVSS7.1AI score0.00038EPSS
CVE
CVE
added 2021/02/11 6:15 p.m.299 views

CVE-2021-20188

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the contai...

7CVSS6.7AI score0.00085EPSS
CVE
CVE
added 2022/04/04 8:15 p.m.285 views

CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to p...

7.5CVSS7.2AI score0.00633EPSS