Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-1227 (GCVE-0-2022-1227)
Vulnerability from cvelistv5 – Published: 2022-04-29 15:45 – Updated: 2024-08-02 23:55
VLAI?
EPSS
Summary
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Severity ?
No CVSS data available.
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/containers/podman/issues/10941"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240628-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "psgo",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "podman 4.0, psgo 1.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T16:06:02.042Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"url": "https://github.com/containers/podman/issues/10941"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240628-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1227",
"datePublished": "2022-04-29T15:45:00.000Z",
"dateReserved": "2022-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1227
Vulnerability from fstec - Published: 15.07.2021
VLAI Severity ?
Title
Уязвимость реализации команды podman top программного средства управления и запуска OCI-контейнеров Podman операционных систем Red Hat Enterprise Linux, РедОС и корпоративной платформы Red Hat OpenShift Container Platform, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, повысить свои привилегии или вызвать отказ в обслуживании
Description
Уязвимость реализации команды podman top программного средства управления и запуска OCI-контейнеров Podman операционных систем Red Hat Enterprise Linux, РедОС и корпоративной платформы Red Hat OpenShift Container Platform связана с загрузкой вредоносного образа в общедоступный реестр в результате некорректного разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации, повысить свои привилегии или вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Fedora Project, ООО «Ред Софт», АО «ИВК», Сообщество свободного программного обеспечения
Software Name
Red Hat Enterprise Linux, Red Hat Quay, Fedora, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), Red Hat OpenShift Container Platform, Podman, psgo
Software Version
7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 3 (Red Hat Quay), 8.2 Extended Update Support (Red Hat Enterprise Linux), 34 (Fedora), 35 (Fedora), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (РЕД ОС), - (Альт 8 СП), 4 (Red Hat OpenShift Container Platform), 4.6 (Red Hat OpenShift Container Platform), до 4.0.0 (Podman), до 1.7.2 (psgo)
Possible Mitigations
Использование рекомендаций:
Для Podman:
https://github.com/containers/podman/releases/tag/v4.0.0
Для psgo:
https://github.com/containers/psgo/releases/tag/v1.7.2
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2022-1227
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Reference
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-podman-cve-2023-0778-cve-2022-27649-cve-2021-41190-cve-2021-4024-cve-2022/?sphrase_id=197317
https://access.redhat.com/security/cve/CVE-2022-1227
https://bugzilla.redhat.com/show_bug.cgi?id=2070368
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
https://github.com/containers/podman/issues/10941
https://github.com/containers/psgo/pull/92
https://github.com/containers/podman/releases/tag/v4.0.0
https://github.com/containers/psgo/releases/tag/v1.7.2
https://github.com/advisories/GHSA-66vw-v2x9-hw75
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-269, CWE-281
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 3 (Red Hat Quay), 8.2 Extended Update Support (Red Hat Enterprise Linux), 34 (Fedora), 35 (Fedora), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 4 (Red Hat OpenShift Container Platform), 4.6 (Red Hat OpenShift Container Platform), \u0434\u043e 4.0.0 (Podman), \u0434\u043e 1.7.2 (psgo)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Podman:\nhttps://github.com/containers/podman/releases/tag/v4.0.0\n\n\u0414\u043b\u044f psgo:\nhttps://github.com/containers/psgo/releases/tag/v1.7.2\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-1227\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.07.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.07.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-03685",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1227",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Red Hat Quay, Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat OpenShift Container Platform, Podman, psgo",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , Fedora Project Fedora 34 , Fedora Project Fedora 35 , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b podman top \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 OCI-\u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Podman \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Red Hat Enterprise Linux, \u0420\u0435\u0434\u041e\u0421 \u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Red Hat OpenShift Container Platform, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 (CWE-281)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b podman top \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 OCI-\u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Podman \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Red Hat Enterprise Linux, \u0420\u0435\u0434\u041e\u0421 \u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Red Hat OpenShift Container Platform \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043e\u0431\u0440\u0430\u0437\u0430 \u0432 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0440\u0435\u0435\u0441\u0442\u0440 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-podman-cve-2023-0778-cve-2022-27649-cve-2021-41190-cve-2021-4024-cve-2022/?sphrase_id=197317\nhttps://access.redhat.com/security/cve/CVE-2022-1227\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2070368\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/\nhttps://github.com/containers/podman/issues/10941\nhttps://github.com/containers/psgo/pull/92\nhttps://github.com/containers/podman/releases/tag/v4.0.0\nhttps://github.com/containers/psgo/releases/tag/v1.7.2\nhttps://github.com/advisories/GHSA-66vw-v2x9-hw75\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269, CWE-281",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
cve-2022-1227
Vulnerability from osv_almalinux
Published
2022-05-10 00:00
Modified
2022-08-03 21:48
Summary
Important: container-tools:rhel8 security, bug fix, and enhancement update
Details
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * psgo: Privilege escalation in 'podman top' (CVE-2022-1227) * prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698) * podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649) * crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650) * buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aardvark-dns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.0.1-27.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "buildah"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.24.2-4.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "buildah-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.24.2-4.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cockpit-podman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "43-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "conmon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:2.1.0-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "container-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:2.179.1-1.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "containernetworking-plugins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.0.1-2.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "containers-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1-27.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "crit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2751+06427ca3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "crit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2751+06427ca3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2751+06427ca3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2751+06427ca3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "crun"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.4-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "fuse-overlayfs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.2-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libslirp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libslirp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netavark"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.0.1-27.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "oci-seccomp-bpf-hook"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-3.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-catatonit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-gvproxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-plugins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-remote"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:4.0.2-6.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-criu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-criu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-3.module_el8.6.0+2751+06427ca3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-podman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0-1.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "runc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.0.3-2.module_el8.6.0+2878+e681bc44"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "skopeo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.1-2.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "skopeo-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:1.6.1-2.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "slirp4netns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.8-2.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "toolbox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "toolbox-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.99.3-0.4.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "udica"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.6-2.module_el8.6.0+2877+8e437bf5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\nSecurity Fix(es):\n* psgo: Privilege escalation in \u0027podman top\u0027 (CVE-2022-1227)\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n* podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)\n* crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)\n* buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:1762",
"modified": "2022-08-03T21:48:40Z",
"published": "2022-05-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:1762"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-1227"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27649"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27650"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-27651"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2045880"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2066568"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2066840"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2066845"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2070368"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-1762.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-1227"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-21698"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-27649"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-27650"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-27651"
}
],
"related": [
"CVE-2022-1227",
"CVE-2022-21698",
"CVE-2022-27649",
"CVE-2022-27650",
"CVE-2022-27651"
],
"summary": "Important: container-tools:rhel8 security, bug fix, and enhancement update"
}
cve-2022-1227
Vulnerability from osv_almalinux
Published
2022-05-10 14:59
Modified
2022-05-10 14:59
Summary
Important: container-tools:3.0 security update
Details
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
- psgo: Privilege escalation in 'podman top' (CVE-2022-1227)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "buildah"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.9-3.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "buildah-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.9-3.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cockpit-podman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "29-2.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "conmon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:2.0.26-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "container-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:2.178.0-2.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "containernetworking-plugins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.1-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "containers-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.2.4-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "crit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "criu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "crun"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.18-3.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "fuse-overlayfs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0-2.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libslirp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.1-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libslirp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.1-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "oci-seccomp-bpf-hook"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-3.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-9.module_el8.6.0+2886+bfcd65b6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-catatonit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-9.module_el8.6.0+2886+bfcd65b6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-9.module_el8.6.0+2886+bfcd65b6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-plugins"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-9.module_el8.6.0+2886+bfcd65b6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-remote"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-9.module_el8.6.0+2886+bfcd65b6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "podman-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1-9.module_el8.6.0+2886+bfcd65b6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-criu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.15-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "runc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-73.rc95.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "skopeo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.2.4-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "skopeo-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.2.4-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "slirp4netns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.8-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "toolbox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.99.3-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "toolbox-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.99.3-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "udica"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.4-1.module_el8.6.0+2876+9ed4eae2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.\n\nSecurity Fix(es):\n\n* psgo: Privilege escalation in \u0027podman top\u0027 (CVE-2022-1227)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:2143",
"modified": "2022-05-10T14:59:26Z",
"published": "2022-05-10T14:59:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-2143.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-1227"
}
],
"related": [
"CVE-2022-1227"
],
"summary": "Important: container-tools:3.0 security update"
}
GSD-2022-1227
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1227",
"description": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"id": "GSD-2022-1227",
"references": [
"https://www.suse.com/security/cve/CVE-2022-1227.html",
"https://linux.oracle.com/cve/CVE-2022-1227.html",
"https://access.redhat.com/errata/RHSA-2022:1762",
"https://access.redhat.com/errata/RHSA-2022:2143",
"https://access.redhat.com/errata/RHSA-2022:2190",
"https://access.redhat.com/errata/RHSA-2022:2263",
"https://access.redhat.com/errata/RHSA-2022:4651",
"https://access.redhat.com/errata/RHSA-2022:4816",
"https://access.redhat.com/errata/RHSA-2022:5622"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1227"
],
"details": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"id": "GSD-2022-1227",
"modified": "2023-12-13T01:19:28.524042Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-1227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "psgo",
"version": {
"version_data": [
{
"version_value": "podman 4.0, psgo 1.7.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"name": "https://github.com/containers/podman/issues/10941",
"refsource": "MISC",
"url": "https://github.com/containers/podman/issues/10941"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv4.0.0",
"affected_versions": "All versions before 4.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-269",
"CWE-937"
],
"date": "2022-07-23",
"description": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"fixed_versions": [
"v4.0.0"
],
"identifier": "CVE-2022-1227",
"identifiers": [
"CVE-2022-1227",
"GHSA-66vw-v2x9-hw75"
],
"not_impacted": "",
"package_slug": "go/github.com/containers/podman",
"pubdate": "2022-04-29",
"solution": "Upgrade to version 4.0.0 or above.",
"title": "Podman publishes a malicious image to public registries",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1227",
"https://github.com/containers/podman/issues/10941",
"https://bugzilla.redhat.com/show_bug.cgi?id=2070368",
"https://github.com/advisories/GHSA-66vw-v2x9-hw75"
],
"uuid": "60d5d4cb-5319-488e-b7eb-a1c016c569b3",
"versions": [
{
"commit": {
"sha": "07ac1577a45cae75ae1bc5e792503075c8ce9fdc",
"tags": [
"v4.0.0"
],
"timestamp": "20220217173405"
},
"number": "v4.0.0"
}
]
},
{
"affected_range": "\u003cv1.7.2",
"affected_versions": "All versions before 1.7.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-269",
"CWE-937"
],
"date": "2023-02-09",
"description": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"fixed_versions": [
"v1.7.2"
],
"identifier": "CVE-2022-1227",
"identifiers": [
"GHSA-66vw-v2x9-hw75",
"CVE-2022-1227"
],
"not_impacted": "All versions starting from 1.7.2",
"package_slug": "go/github.com/containers/psgo",
"pubdate": "2022-04-30",
"solution": "Upgrade to version 1.7.2 or above.",
"title": "Improper Privilege Management",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1227",
"https://github.com/containers/podman/issues/10941",
"https://bugzilla.redhat.com/show_bug.cgi?id=2070368",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/",
"https://github.com/containers/psgo/pull/92",
"https://pkg.go.dev/vuln/GO-2022-0558",
"https://github.com/advisories/GHSA-66vw-v2x9-hw75"
],
"uuid": "bd1489cf-9e64-4f8d-afaf-bff705ab0cae",
"versions": [
{
"commit": {
"sha": "3145d6da8a3ca85636b1546e8d19e11118cd6f02",
"tags": [
"v1.7.2"
],
"timestamp": "20220120155222"
},
"number": "v1.7.2"
}
]
},
{
"affected_range": "\u003cv1.7.2",
"affected_versions": "All versions before 1.7.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-269",
"CWE-937"
],
"date": "2023-02-09",
"description": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"fixed_versions": [
"v1.7.2"
],
"identifier": "CVE-2022-1227",
"identifiers": [
"GHSA-66vw-v2x9-hw75",
"CVE-2022-1227"
],
"not_impacted": "All versions starting from 1.7.2",
"package_slug": "go/github.com/containers/psgo/internal/proc",
"pubdate": "2022-04-30",
"solution": "Upgrade to version 1.7.2 or above.",
"title": "Improper Privilege Management",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1227",
"https://github.com/containers/podman/issues/10941",
"https://bugzilla.redhat.com/show_bug.cgi?id=2070368",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/",
"https://github.com/containers/psgo/pull/92",
"https://pkg.go.dev/vuln/GO-2022-0558",
"https://github.com/advisories/GHSA-66vw-v2x9-hw75"
],
"uuid": "a4b7810f-0ef1-48f4-9cf1-55f735e93197",
"versions": [
{
"commit": {
"sha": "3145d6da8a3ca85636b1546e8d19e11118cd6f02",
"tags": [
"v1.7.2"
],
"timestamp": "20220120155222"
},
"number": "v1.7.2"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*",
"cpe_name": [],
"versionEndExcluding": "1.7.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-1227"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"name": "https://github.com/containers/podman/issues/10941",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/containers/podman/issues/10941"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-07-23T10:04Z",
"publishedDate": "2022-04-29T16:15Z"
}
}
}
FKIE_CVE-2022-1227
Vulnerability from fkie_nvd - Published: 2022-04-29 16:15 - Updated: 2024-11-21 06:40
Severity ?
Summary
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*",
"matchCriteriaId": "027F4117-F10C-4D9A-9977-BEB6146AA10A",
"versionEndExcluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*",
"matchCriteriaId": "2C4F3011-92CB-4A09-B338-6ECFA13989E3",
"versionEndExcluding": "1.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C9BAAE-9D03-4351-B91A-4F01B5C5B131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4063768E-67FA-4940-8A0C-101C1EFD0D7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D5812D-20DB-4605-9BEA-ED20FAAE673A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo de escalada de privilegios en Podman. Este fallo permite a un atacante publicar una imagen maliciosa en un registro p\u00fablico. Una vez que esta imagen es descargada por una v\u00edctima potencial, la vulnerabilidad es desencadenada despu\u00e9s de que un usuario ejecute el comando \"podman top\". Esta acci\u00f3n da al atacante acceso al sistema de archivos del host, conllevando a una divulgaci\u00f3n de informaci\u00f3n o la denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-1227",
"lastModified": "2024-11-21T06:40:17.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-29T16:15:08.753",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/containers/podman/issues/10941"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20240628-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/containers/podman/issues/10941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240628-0001/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-66VW-V2X9-HW75
Vulnerability from github – Published: 2022-04-30 00:00 – Updated: 2024-09-16 17:22
VLAI?
Summary
Podman publishes a malicious image to public registries
Details
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containers/podman/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containers/psgo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1227"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-281"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-03T06:15:16Z",
"nvd_published_at": "2022-04-29T16:15:00Z",
"severity": "HIGH"
},
"details": "Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"id": "GHSA-66vw-v2x9-hw75",
"modified": "2024-09-16T17:22:51Z",
"published": "2022-04-30T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1227"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/issues/10941"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/pull/13862"
},
{
"type": "WEB",
"url": "https://github.com/containers/podman/pull/13862/commits/79a3e149c10f74db4cebff624287385c90179d09"
},
{
"type": "WEB",
"url": "https://github.com/containers/psgo/pull/92"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
},
{
"type": "PACKAGE",
"url": "https://github.com/containers/podman"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0558"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240628-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Podman publishes a malicious image to public registries"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…