CVE-2022-1227

Exploit

EPSS 34.75%
Veröffentlicht 29.04.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:40:17
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Podman Project ≫ Podman Version < 4.0.0

Psgo Project ≫ Psgo SwPlatformgo Version < 1.7.2

Redhat ≫ Developer Tools Version1.0

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.6

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Quay Version3.0.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.6

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.6

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Workstation Version7.0

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	34.75%	0.969

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/

https://bugzilla.redhat.com/show_bug.cgi?id=2070368

Third Party Advisory

Issue Tracking

https://github.com/containers/podman/issues/10941

Third Party Advisory

Exploit

Issue Tracking

https://security.netapp.com/advisory/ntap-20240628-0001/

https://nvd.nist.gov/vuln/detail/CVE-2022-1227

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1227

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1227

EUVD