GHSA-vmhj-p9hw-vgrf

Suggest an improvement
Source
https://github.com/advisories/GHSA-vmhj-p9hw-vgrf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vmhj-p9hw-vgrf/GHSA-vmhj-p9hw-vgrf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vmhj-p9hw-vgrf
Aliases
Published
2022-05-24T17:08:34Z
Modified
2024-08-20T20:58:37.995214Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Podman has Files or Directories Accessible to External Parties
Details

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0.

Database specific
{
    "nvd_published_at": "2020-02-11T20:15:00Z",
    "github_reviewed_at": "2023-02-08T18:07:43Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-552"
    ]
}
References

Affected packages

Go / github.com/containers/podman

Package

Name
github.com/containers/podman
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/podman

Affected ranges

Type
SEMVER
Events
Introduced
1.6.0
Fixed
2.0.6

Go / github.com/containers/podman/v2

Package

Name
github.com/containers/podman/v2
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/podman/v2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.6