CVE-2020-1726
- EPSS 0.16%
- Published 11.02.2020 20:15:12
- Last modified 21.11.2024 05:11:15
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with a...
CVE-2019-10214
- EPSS 0.32%
- Published 25.11.2019 11:15:11
- Last modified 21.11.2024 04:18:40
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An...
CVE-2019-18466
- EPSS 0.84%
- Published 28.10.2019 13:15:11
- Last modified 21.11.2024 04:33:17
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image contain...
CVE-2019-10152
- EPSS 0.36%
- Published 30.07.2019 23:15:11
- Last modified 21.11.2024 04:18:31
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/writ...
CVE-2018-10856
- EPSS 0.15%
- Published 03.07.2018 01:29:00
- Last modified 21.11.2024 03:42:09
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.