Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Podman
(Podman_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-12-08 | CVE-2022-4122 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | Fedora, Podman | 5.3 | ||
| 2022-12-08 | CVE-2022-4123 | A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. | Fedora, Podman | 3.3 | ||
| 2023-03-27 | CVE-2023-0778 | A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. | Podman, Enterprise_linux | 6.8 | ||
| 2022-06-09 | CVE-2019-25067 | A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability. | Podman, Varlink | 8.8 |