CVE-2022-1227: Improper Privilege Management
(updated )
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the ‘podman top’ command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
References
- bugzilla.redhat.com/show_bug.cgi?id=2070368
- github.com/advisories/GHSA-66vw-v2x9-hw75
- github.com/containers/podman/issues/10941
- github.com/containers/psgo/pull/92
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/
- nvd.nist.gov/vuln/detail/CVE-2022-1227
- pkg.go.dev/vuln/GO-2022-0558
Detect and mitigate CVE-2022-1227 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →