CVE-2020-1726
MEDIUM5.9EPSS 0.45%Podman has Files or Directories Accessible to External Parties in github.com/containers/libpod
發布日:2022/5/24修改日:2026/4/28
也稱為:DEBIAN-CVE-2020-1726
描述
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
受影響套件(5)
- Debian/libpodfrom 0, < 1.6.4+dfsg1-3
- Go/github.com/containers/libpod>= 1.6.0
- Go/github.com/containers/libpod/v2from 0, < 2.0.6
- Go/github.com/containers/podman>= 1.6.0, < 2.0.6
- Go/github.com/containers/podman/v2from 0, < 2.0.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
參考連結(12)
- ADVISORYhttps://github.com/advisories/GHSA-vmhj-p9hw-vgrf
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1726
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-1726
- PATCHhttps://github.com/containers/podman
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
- WEBhttps://access.redhat.com/errata/RHSA-2020:0680
- WEBhttps://access.redhat.com/errata/RHSA-2020:1650
- WEBhttps://access.redhat.com/security/cve/CVE-2020-1726
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1801152
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726
- WEBhttps://github.com/containers/podman/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42