Libpod
CVE-2020-1726
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
AnalysisAI
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-552. A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. Affected products include: Libpod Project Libpod, Redhat Openshift Container Platform, Redhat Enterprise Linux. Version information: version 1.6.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Podman in libpod before 1.6.0. Rated medium severity (CVSS 5.5), this vulnerability is no aut
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-r
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today