Skip to main content

Libpod

5 CVEs product

Monthly

CVE-2020-1726 Go MEDIUM PATCH This Month

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Libpod Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2019-10214 Go MEDIUM PATCH This Month

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Red Hat Buildah Libpod Openshift Container Platform +3
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2019-18466 Go MEDIUM POC PATCH This Month

An issue was discovered in Podman in libpod before 1.6.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libpod
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-10152 Go HIGH PATCH This Week

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).

Path Traversal Libpod Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2018-10856 Go HIGH PATCH This Week

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Libpod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Libpod +2
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Red Hat Buildah +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in Podman in libpod before 1.6.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libpod
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).

Path Traversal Libpod Leap
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Libpod
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy