CVE Vulnerabilities

CVE-2020-1726

Files or Directories Accessible to External Parties

Published: Feb 11, 2020 | Modified: Sep 28, 2020
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
5.9 LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.

Weakness

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Affected Software

Name Vendor Start Version End Version
Libpod Libpod_project 1.6.0 1.6.0
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8020020200324071414.0d58ad57 *
Red Hat OpenShift Container Platform 4.3 RedHat podman-0:1.6.4-7.el8 *
Podman Ubuntu trusty *

References