Github.Com Containers Podman V3 vulnerabilities
6 known vulnerabilities affecting github.com/containers_podman_v3.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3
Vulnerabilities
CVE-2024-9407 | MEDIUM | ≥ 0, < 5.2.4 | 2024-10-01
CVE-2024-9407 [MEDIUM] CWE-20 Improper Input Validation in Buildah and Podman
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases,
ghsa, osv
CVE-2024-3056 | HIGH | ≥ 0, ≤ 5.2.0 | 2024-08-02
CVE-2024-3056 [HIGH] CWE-400 Podman vulnerable to memory-based denial of service
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's
ghsa, osv
CVE-2022-2989 | HIGH | ≥ 0, < 3.0.1 | 2022-09-14
CVE-2022-2989 [HIGH] CWE-842 Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
An incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access per
ghsa, osv
CVE-2022-1227 | HIGH | ≥ 0, < 3.4 | 2022-04-30
CVE-2022-1227 [HIGH] CWE-269 Podman publishes a malicious image to public registries
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the h
ghsa, osv
CVE-2021-4024 | MEDIUM | ≥ 0, < 3.4.3 | 2022-01-06
CVE-2021-4024 [MEDIUM] CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port
ghsa, osv
CVE-2021-20199 | MEDIUM | ≥ 0, < 3.0.0 | 2021-05-18
CVE-2021-20199 [MEDIUM] CWE-200 Podman Origin Validation Error
Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. This issue affects Podman versions from 1.8.0 to 3.0.0.
ghsa, osv