CVE-2019-25067 — Authentication Bypass by Primary Weakness in Project Podman

CWE-305 — Authentication Bypass by Primary Weakness6 documents6 sources

Severity

8.8HIGHNVD

CNA6.3

EPSS

0.8%

top 25.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libpod Project Libpod Podman Project Podman Varlink

Timeline

PublishedJun 9

Latest updateJun 10

Description

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5varlink/varlink1.5.1

▶NVDvarlink/varlink1.5.1

▶CVEListV5podman_project/podman1.5.1

▶NVDpodman_project/podman1.5.1

▶Debianlibpod_project/libpod< 3.0.0+dfsg1-1+1

🔴Vulnerability Details

GHSA

GHSA-vjwp-mggj-92gq: A vulnerability, which was classified as critical, was found in Podman and Varlink 1↗2022-06-10

▶

OSV

CVE-2019-25067: A vulnerability, which was classified as critical, was found in Podman and Varlink 1↗2022-06-09

▶

CVEList

Podman/Varlink API Privilege Escalation↗2022-06-09

▶

📋Vendor Advisories

Red Hat

podman: Privilege escalation in API component↗2019-06-09

▶

Debian

CVE-2019-25067: libpod - A vulnerability, which was classified as critical, was found in Podman and Varli...↗2019

▶