Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-20188
HistoryFeb 11, 2021 - 12:00 a.m.

CVE-2021-20188

2021-02-1100:00:00
ubuntu.com
ubuntu.com
8

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.9%

A flaw was found in podman before 1.7.0. File permissions for non-root
users running in a privileged container are not correctly checked. This
flaw can be abused by a low-privileged user inside the container to access
any other file in the container, even if owned by the root user inside the
container. It does not allow to directly escape the container, though being
a privileged container means that a lot of security features are disabled
when running the container. The highest threat from this vulnerability is
to data confidentiality and integrity as well as system availability.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlibpod< anyUNKNOWN
ubuntu23.10noarchlibpod< anyUNKNOWN

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.9%