CVE-2022-1227

Severity: 8.8 HIGH
EPSS: 33.7% (top 3.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 29, 2022; latest update Aug 22, 2022

Description

A privilege escalation flaw was found in Podman, in the psgo library (github.com/containers/psgo) that implements the 'podman top' command. An attacker publishes a malicious image to a public registry; once a victim pulls that image and runs 'podman top' on a container created from it, the flaw is triggered and gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Reading the vector: the attack is delivered over the network (the malicious image on a public registry) with low complexity and no privileges, but it requires user interaction (the victim must run 'podman top' against a container created from the image). Scope is unchanged, with high impact on confidentiality, integrity and availability.

Affected Packages (11 packages)

Source   Package               Affected range
NVD      psgo_project/psgo     < 1.7.2
Debian   libpod                < 3.0.1+dfsg1-3+deb11u2+1

Also affects: Fedora 34 and 35; Enterprise Linux 7.0, 8.0 and 8.6; OpenShift Container Platform 4.0
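As an added example (not from this page or from the Podman/psgo projects), the following POSIX shell check reads the module list that Go embeds in a binary (`go version -m <binary>`), extracts the vendored github.com/containers/psgo version, and compares it against the fixed upstream release 1.7.2 given in the NVD range above. The build-info text in the block is constructed sample data, with the hash fields made up; on a real host you would pipe `go version -m "$(command -v podman)"` into the same function. Distribution packages backport fixes under their own version numbers (the Debian libpod range above is one such case), so for a packaged podman compare the package version with the distro's tool, e.g. `dpkg --compare-versions`, rather than trusting this upstream check.

```sh
#!/bin/sh
# Added example: does a podman binary vendor psgo older than the fixed
# upstream release (psgo < 1.7.2, CVE-2022-1227)?
# Not part of the cvebase.io page or the Podman/psgo projects.

PSGO_FIXED="1.7.2"
PSGO_MODULE="github.com/containers/psgo"

# Compare two dotted versions. Prints -1, 0 or 1 for a<b, a=b, a>b.
# A leading "v" is ignored; a "-pre" suffix (including Go pseudo-versions
# such as v1.7.2-0.2022...) sorts before the same numeric version;
# a "+incompatible" suffix is ignored.
vercmp() {
    local a b ai bi apre bpre
    a="${1#v}"; b="${2#v}"
    apre=0; bpre=0
    case "$a" in *-*) apre=1 ;; esac
    case "$b" in *-*) bpre=1 ;; esac
    a="${a%%-*}"; a="${a%%+*}"; b="${b%%-*}"; b="${b%%+*}"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        if [ "${ai:-0}" -lt "${bi:-0}" ]; then printf '%s\n' -1; return 0; fi
        if [ "${ai:-0}" -gt "${bi:-0}" ]; then printf '%s\n' 1; return 0; fi
    done
    # Same numeric version: a pre-release sorts before the final release.
    if [ "$apre" -gt "$bpre" ]; then printf '%s\n' -1
    elif [ "$apre" -lt "$bpre" ]; then printf '%s\n' 1
    else printf '%s\n' 0; fi
}

# Read `go version -m <binary>` output on stdin and print the psgo
# dependency version without its leading "v"; prints nothing if absent.
# Real output is tab-separated; awk splits on any whitespace, so the
# space-separated sample below parses the same way.
psgo_version_from_buildinfo() {
    awk -v mod="$PSGO_MODULE" '
        $1 == "dep" && $2 == mod { sub(/^v/, "", $3); print $3; exit }
    '
}

# Exit 0 when VERSION is below the fixed release, 1 otherwise (or if empty).
psgo_is_affected() {
    [ -n "$1" ] && [ "$(vercmp "$1" "$PSGO_FIXED")" = "-1" ]
}

# Constructed sample build info mimicking `go version -m /usr/bin/podman`;
# the h1: hashes are placeholders, not real module checksums.
SAMPLE_VULNERABLE='/usr/bin/podman: go1.17.8
    path github.com/containers/podman/v4
    mod github.com/containers/podman/v4 (devel)
    dep github.com/containers/psgo v1.7.1 h1:constructed=
    dep github.com/containers/storage v1.38.2 h1:constructed='
SAMPLE_FIXED='/usr/bin/podman: go1.18.2
    path github.com/containers/podman/v4
    dep github.com/containers/psgo v1.7.2 h1:constructed='

report() {
    v="$(printf '%s\n' "$1" | psgo_version_from_buildinfo)"
    if [ -z "$v" ]; then
        echo "psgo not found in build info (binary stripped or not a Go build?)"
    elif psgo_is_affected "$v"; then
        echo "psgo $v: AFFECTED by CVE-2022-1227 (fixed in $PSGO_FIXED), update podman"
    else
        echo "psgo $v: not affected by CVE-2022-1227"
    fi
}

report "$SAMPLE_VULNERABLE"
report "$SAMPLE_FIXED"
# On a real host: go version -m "$(command -v podman)" | psgo_version_from_buildinfo
```

The comparison deliberately treats `1.7.2-rc1` and Go pseudo-versions of the form `v1.7.2-0.<timestamp>-<commit>` as older than 1.7.2, so a build from a pre-release commit is reported as affected rather than silently passing.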

🔴 Vulnerability Details (5)

OSV      2022-08-22  Privilege escalation in github.com/containers/psgo
GHSA     2022-04-30  Podman publishes a malicious image to public registries
OSV      2022-04-30  Podman publishes a malicious image to public registries
CVEList  2022-04-29  CVE-2022-1227: A privilege escalation flaw was found in Podman
OSV      2022-04-29  CVE-2022-1227: A privilege escalation flaw was found in Podman

📋 Vendor Advisories (3)

Microsoft  2022-04-12  A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim the vulnerability i...
Debian     2022        CVE-2022-1227: golang-github-containers-psgo - A privilege escalation flaw was found in Podman. This flaw allows an attacker to...
Red Hat    2021-07-15  psgo: Privilege escalation in 'podman top'
cvebase.io | CVE-2022-1227 (HIGH, CVSS 8.8)