CVE-2020-1726 — Files or Directories Accessible to External Parties in Containers Libpod V2
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 62.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 11
Latest updateAug 20
Description
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages7 packages
Also affects: Openshift Container Platform 4.3, Enterprise Linux 8.0
Patches
🔴Vulnerability Details
5OSV▶
Podman has Files or Directories Accessible to External Parties in github.com/containers/libpod↗2024-08-20
CVEList▶
CVE-2020-1726: A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted a↗2020-02-11
OSV▶
CVE-2020-1726: A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted a↗2020-02-11