Security restrictions bypass in Podman - CVE-2021-20188

 


Published: March 2, 2021


Vulnerability identifier: #VU51017
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-20188
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Container Projects
Affected software: Podman

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because file permissions for non-root users running in a privileged container are not correctly checked. A local low-privileged user inside the container can access arbitrary files in the container regardless of file permissions, including files owned by the root user inside the container.

Successful exploitation of the vulnerability may allow a local user to escalate privileges on the system.
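
An added example, not part of the original advisory or of Podman's code: a small audit that reads `podman inspect` JSON and lists containers matching the condition described above (privileged and running as a non-root user), so they can be prioritized for the update. The sample data is constructed; reading the state from `HostConfig.Privileged` and `Config.User`, and treating an empty user as root, are assumptions of this example.

```python
import json
import sys

# Constructed sample shaped like `podman inspect` output (not from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "build-agent", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": True}},
    {"Name": "db", "Config": {"User": "postgres"},
     "HostConfig": {"Privileged": False}},
    {"Name": "debug", "Config": {"User": ""},
     "HostConfig": {"Privileged": True}},
    {"Name": "ci", "Config": {"User": "0:0"},
     "HostConfig": {"Privileged": True}},
    {"Name": "web", "Config": {"User": "nginx"},
     "HostConfig": {"Privileged": True}},
])


def runs_as_root(user_spec):
    """True when a User value such as "", "0", "root" or "0:0" means root.

    Assumption: an empty value means the container runs as root.
    """
    user = (user_spec or "").split(":", 1)[0].strip()
    return user in ("", "0", "root")


def matching_containers(inspect_json):
    """Return names of containers that are privileged AND run as non-root."""
    hits = []
    for ctr in json.loads(inspect_json):
        privileged = bool((ctr.get("HostConfig") or {}).get("Privileged", False))
        user = (ctr.get("Config") or {}).get("User", "")
        if privileged and not runs_as_root(user):
            hits.append(ctr.get("Name", "<unnamed>"))
    return hits


if __name__ == "__main__":
    # Pipe real data in, e.g.: podman inspect $(podman ps -aq) | python3 audit.py
    # With no piped input, the constructed sample is used instead.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name in matching_containers(data):
        print(f"privileged container with non-root user: {name}")
```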


How to mitigate CVE-2021-20188

Install updates from vendor's website.
