QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1227

Published: Apr 29, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Vendor	Product	Versions
n/a	psgo	affected `podman 4.0, psgo 1.7.2`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2070368

https://github.com/containers/podman/issues/10941

FEDORA-2022-5e637f6cc6

vendor-advisory

https://security.netapp.com/advisory/ntap-20240628-0001/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.