Libpod
Monthly
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.
An issue was discovered in Podman in libpod before 1.6.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.
An issue was discovered in Podman in libpod before 1.6.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.