Libpod
CVE-2018-10856
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
AnalysisAI
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-250. It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container. Affected products include: Libpod Project Libpod. Version information: version 0.6.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Podman in libpod before 1.6.0. Rated medium severity (CVSS 5.5), this vulnerability is no aut
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volum
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version
Same weakness CWE-250 – Execution with Unnecessary Privileges
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today