Bug 2070368 (CVE-2022-1227)
Summary: | CVE-2022-1227 psgo: Privilege escalation in 'podman top' | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Nick Tait <ntait> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acui, aos-bugs, bbaude, bbennett, bdettelb, blaise, bmontgom, bradley.g.smith, container-sig, debarshir, dwalsh, ebakerupw, eparis, jakubr, jburrell, jerzhang, jhrozek, jligon, jnovy, jokerman, lbragsta, lsm5, mheon, mrogers, nstielau, n.yaghoobi.s, patrick, pehunt, pthomas, rh.container.bot, rphillips, ryncsn, santiago, sponnaga, tsweeney, umohnani, vkumar, walters, wenshen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | podman 4.0, psgo 1.7.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
|
Last Closed: | 2022-12-04 03:33:14 UTC | Type: | --- |
Bug Depends On: | 2072247, 2072248, 2072249, 2072250, 2072251, 2072252, 2072253, 2072254, 2072255, 2072256, 2072257, 2072258, 2072259, 2072260, 2072261, 2072262, 2072263, 2072264, 2072265, 2072266, 2072267, 2072268, 2072269, 2072270, 2074089, 2074135, 2074136, 2074137, 2074138, 2074139, 2074140, 2074141, 2074142, 2074143, 2074144, 2074145, 2074146, 2074147, 2074148, 2074164, 2074165, 2074725, 2074726, 2074727, 2074728, 2074729, 2074730, 2074731, 2079741, 2082011 | ||
Bug Blocks: | 2044679, 2071612 |
Description
Nick Tait
2022-03-30 23:13:01 UTC
Upstream podman issue: https://github.com/containers/podman/issues/10941

Created podman tracking bugs for this issue:
Affects: fedora-all [bug 2074164]

Created podman-tui tracking bugs for this issue:
Affects: fedora-all [bug 2074165]

Created cri-o:1.17/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074725]

Created cri-o:1.18/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074726]

Created cri-o:1.19/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074727]

Created cri-o:1.20/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074728]

Created cri-o:1.21/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074729]

Created cri-o:1.22/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074730]

Created cri-o:nightly/cri-o tracking bugs for this issue:
Affects: fedora-all [bug 2074731]

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:1762 https://access.redhat.com/errata/RHSA-2022:1762

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:2143 https://access.redhat.com/errata/RHSA-2022:2143

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7 Extras
Via RHSA-2022:2190 https://access.redhat.com/errata/RHSA-2022:2190

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2022:4651 https://access.redhat.com/errata/RHSA-2022:4651

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2022:2263 https://access.redhat.com/errata/RHSA-2022:2263

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2022:4816 https://access.redhat.com/errata/RHSA-2022:4816

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Extended Update Support
Via RHSA-2022:5622 https://access.redhat.com/errata/RHSA-2022:5622

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-1227