GitHub.com Containers Podman vulnerabilities
5 known vulnerabilities affecting github.com/containers_podman.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2
Vulnerabilities
CVE-2024-9407 | MEDIUM | ≥ 0, < 5.2.4 | 2024-10-01
CVE-2024-9407 [MEDIUM] CWE-20 Improper Input Validation in Buildah and Podman
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases,
ghsa, osv
CVE-2024-3056 | HIGH | ≥ 0, ≤ 5.2.0 | 2024-08-02
CVE-2024-3056 [HIGH] CWE-400 Podman vulnerable to memory-based denial of service
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's
ghsa, osv
CVE-2019-10152 | HIGH | ≥ 0, < 1.4.0 | 2022-05-24
CVE-2019-10152 [HIGH] CWE-22 Podman Path Traversal Vulnerability leads to arbitrary file read/write
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
ghsa, osv
CVE-2020-1726 | MEDIUM | ≥ 1.6.0, < 2.0.6 | 2022-05-24
CVE-2020-1726 [MEDIUM] CWE-552 Podman has Files or Directories Accessible to External Parties
A flaw was discovered in Podman where it incorrectly allows containers, when created, to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and ov
ghsa, osv
CVE-2018-10856 | HIGH | ≥ 0, < 0.6.1 | 2022-05-13
CVE-2018-10856 [HIGH] CWE-732 Podman Elevated Container Privileges
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
ghsa, osv