Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

podman project podman vulnerabilities and exploits

(subscribe to this query)
3.3
CVSSv3
CVE-2022-4123
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
Podman Project Podman 4.2.1Podman Project Podman 4.1.1Podman Project Podman 4.2.0Podman Project Podman 4.1.0Podman Project Podman 4.3.0Fedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
5.9
CVSSv3
CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma...
Podman Project Podman
8.8
CVSSv3
CVE-2019-25067
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
Podman Project Podman 1.5.1Varlink Varlink 1.5.1
6.8
CVSSv3
CVE-2023-0778
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Podman Project Podman -Redhat Enterprise Linux 8.0Redhat Enterprise Linux 9.0
5.3
CVSSv3
CVE-2022-4122
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Podman Project Podman 4.3.0Fedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2021-4024
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op...
Podman Project PodmanFedoraproject Fedora 34Fedoraproject Fedora 35Redhat Enterprise Linux 8.0
7
CVSSv3
CVE-2021-20188
A flaw was found in podman prior to 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root u...
Podman Project PodmanRedhat Openshift Container Platform 3.11Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0
5.3
CVSSv3
CVE-2022-2739
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an malicious user to gain...
Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Podman Project Podman 1.6.4-32.el7 9
7.5
CVSSv3
CVE-2022-2738
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potent...
Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Podman Project Podman 1.6.4-32.el7 9
7.1
CVSSv3
CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio...
Podman Project PodmanRedhat Enterprise Linux 7.0Redhat Openshift Container Platform 3.11Redhat Enterprise Linux 8.0Redhat Openshift Container Platform 4.0Redhat Enterprise Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook