Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation requires the victim to run an attacker-supplied image (UI:R); no privileges needed (PR:N), high confidentiality loss of session secrets, no integrity or availability impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0.
AnalysisAI
Information disclosure in Podman (1.8.1 through 5.8.3) lets a malicious OCI container image leak host environment variables into the container by embedding an image env entry with a key but no value; an asterisk (*) entry causes Podman to forward ALL host session variables. Because the launching session frequently holds secrets (registry credentials, API tokens, proxy auth), a crafted image run by a victim can harvest them. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires the victim to run an attacker-crafted OCI image whose config.Env contains a malformed entry - specifically a bare key with no '=' (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/C:H/I:N/A:N), reflecting high confidentiality impact with no integrity/availability effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes a container image whose config Env list includes an entry like 'HOST*' or '*'. A developer or CI pipeline that has secrets exported in its shell (e.g. … |
| Remediation | Vendor-released patch: upgrade Podman to 5.8.4 (5.x branch) or 6.0.0, which add ParseImageEnvs() validation that rejects image env entries lacking an '=' or with an empty key. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Podman versions 1.8.1-5.8.3 and document current container image sources and execution practices. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Micro 5.3 | Affected |
| SUSE Linux Enterprise Micro 5.4 | Affected |
| SUSE Linux Enterprise Micro 5.5 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| SUSE Linux Micro 6.0 | Affected |
| SUSE Linux Micro 6.1 | Affected |
| SUSE Linux Micro 6.2 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP4 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE CaaS Platform 4.0 | Affected |
| SUSE Enterprise Storage 6 | Affected |
| SUSE Enterprise Storage 7 | Affected |
| SUSE Enterprise Storage 7.1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise Micro 5.0 | Affected |
| SUSE Linux Enterprise Micro 5.1 | Affected |
| SUSE Linux Enterprise Micro 5.2 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP1 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP2 | Affected |
| SUSE Linux Enterprise Module for Containers 15 SP3 | Affected |
| SUSE Linux Enterprise Server 15 SP1 | Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP2 | Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP3 | Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Manager Proxy 4.0 | Affected |
| SUSE Manager Proxy 4.1 | Affected |
| SUSE Manager Proxy 4.2 | Affected |
| SUSE Manager Retail Branch Server 4.0 | Affected |
| SUSE Manager Retail Branch Server 4.1 | Affected |
| SUSE Manager Retail Branch Server 4.2 | Affected |
| SUSE Manager Server 4.0 | Affected |
| SUSE Manager Server 4.1 | Affected |
| SUSE Manager Server 4.2 | Affected |
| openSUSE Leap 15.3 | Affected |
| openSUSE Leap 15.4 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.6 | Affected |
| openSUSE Leap Micro 5.2 | Affected |
| openSUSE Leap Micro 5.3 | Affected |
| openSUSE Leap Micro 5.4 | Affected |
| openSUSE Leap Micro 5.5 | Affected |
| SLES-CHOST-BYOS-Aliyun | Affected |
| SLES-CHOST-BYOS-Azure | Affected |
| SLES-CHOST-BYOS-EC2 | Affected |
| SLES-CHOST-BYOS-GCE | Affected |
| SLES-CHOST-BYOS-GDC | Affected |
| SLES-CHOST-BYOS-SAP-CCloud | Affected |
| rancher/elemental-teal-rt/5.4 rancher/elemental-teal/5.4 suse/sle-micro/5.5 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39807