Go modules package
github.com/containers/podman/v3
pkg:golang/github.com/containers/podman/v3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-9407 | Med | 4.7 | < 5.2.4 | 5.2.4 | Oct 1, 2024 | A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensi | |
| CVE-2024-3056 | — | <= 5.2.0 | — | Aug 2, 2024 | A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exh | ||
| CVE-2022-2989 | — | < 3.0.1 | 3.0.1 | Sep 13, 2022 | An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio | ||
| CVE-2022-1227 | — | < 3.4 | 3.4 | Apr 29, 2022 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a | ||
| CVE-2021-4024 | — | < 3.4.3 | 3.4.3 | Dec 23, 2021 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op | ||
| CVE-2021-20199 | — | < 3.0.0 | 3.0.0 | Feb 2, 2021 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma |
- affected < 5.2.4fixed 5.2.4
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensi
- CVE-2024-3056Aug 2, 2024affected <= 5.2.0
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exh
- CVE-2022-2989Sep 13, 2022affected < 3.0.1fixed 3.0.1
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio
- CVE-2022-1227Apr 29, 2022affected < 3.4fixed 3.4
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a
- CVE-2021-4024Dec 23, 2021affected < 3.4.3fixed 3.4.3
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op
- CVE-2021-20199Feb 2, 2021affected < 3.0.0fixed 3.0.0
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma