Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-1726

Files or Directories Accessible to External Parties

Published: Feb 11, 2020 | Modified: Sep 28, 2020
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
5.9 LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-1726
CWEhttps://cwe.mitre.org/data/definitions/552.html

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.

Weakness

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Affected Software

Name Vendor Start Version End Version
Libpod Libpod_project 1.6.0 1.6.0
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8020020200324071414.0d58ad57 *
Red Hat OpenShift Container Platform 4.3 RedHat podman-0:1.6.4-7.el8 *
Podman Ubuntu trusty *

References

Aqua SaaS Plans
The fastest track to get started with Aqua
Start Now
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2022 Aqua Security Software Ltd.   Privacy Policy | Terms of Use