Main Vulnerability Database Vulnerabilities #VU25983

#VU25983 Permissions, Privileges, and Access Controls in Podman - CVE-2020-1726

Published: March 11, 2020

Vulnerability identifier: #VU25983

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1726

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Podman

Software vendor:
Container Projects

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.T

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726

#VU25983 Permissions, Privileges, and Access Controls in Podman - CVE-2020-1726

Description

Remediation

External links

Please verify you're human