2097406 – (CVE-2019-25067) CVE-2019-25067 podman: Privilege escalation in API component

Bug 2097406 (CVE-2019-25067) - CVE-2019-25067 podman: Privilege escalation in API component

Summary: CVE-2019-25067 podman: Privilege escalation in API component

Keywords:
Status:	NEW
Alias:	CVE-2019-25067
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2097496 2097497 2097498 2097499 2097500 2097501 2097502 2097504 2097505 2099943 2099944
Blocks:	2097407
TreeView+	depends on / blocked

Reported:	2022-06-15 15:53 UTC by Pedro Sampaio
Modified:	2023-07-07 08:32 UTC (History)
CC List:	26 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2022-06-15 15:53:00 UTC

A vulnerability was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References:

https://vuldb.com/?id.143949

Comment 1 Anten Skrabec 2022-06-15 19:43:30 UTC

Created podman tracking bugs for this issue:

Affects: fedora-all [bug 2097496]

Comment 2 Anten Skrabec 2022-06-15 19:43:59 UTC

Created podman tracking bugs for this issue:

Affects: fedora-all [bug 2097497]

Comment 15 Pedro Sampaio 2022-07-04 14:49:29 UTC

Can you check comment#4 please? Thank you.

Note You need to log in before you can comment on or make changes to this bug.

acui
askrabec
bbaude
bmontgom
container-sig
debarshir
dornelas
dwalsh
eparis
jburrell
jligon
jnovy
jokerman
lsm5
mheon
nstielau
patrick
pehunt
pthomas
rh.container.bot
santiago
sponnaga
trathi
tsweeney
umohnani
vkumar