VYPR

Podman

by Podman

CVEs (10)

  • CVE-2024-1753 | High | Mar 18, 2024
    risk 0.56 | cvss 8.6 | epss 0.00

    A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause…

  • CVE-2026-57231 | Jun 27, 2026
    risk 0.00 | cvss | epss 0.00

    Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that…

  • CVE-2026-55686 | Jun 18, 2026
    risk 0.00 | cvss | epss 0.00

    Running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the…

  • CVE-2024-9676 | Oct 15, 2024
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned…

  • CVE-2024-3056 | Aug 2, 2024
    risk 0.00 | cvss | epss 0.01

    A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to…

  • CVE-2023-0778 | Mar 27, 2023
    risk 0.00 | cvss | epss 0.01

    A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

  • CVE-2022-2989 | Sep 13, 2022
    risk 0.00 | cvss | epss 0.00

    Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access…

  • CVE-2019-25067 | Jun 9, 2022
    risk 0.00 | cvss | epss 0.02

    A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to…

  • CVE-2022-1227 | Apr 29, 2022
    risk 0.00 | cvss | epss 0.04

    A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the…

  • CVE-2019-10152 | Jul 30, 2019
    risk 0.00 | cvss | epss 0.00

    A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator…