A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Podman | Podman_project | - (including) | - (including) |
Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8080020230321153727.0f77c1b7 | * |
Red Hat Enterprise Linux 8 | RedHat | container-tools:4.0-8080020230217080101.8108cfbc | * |
Red Hat OpenShift Container Platform 4.13 | RedHat | podman-3:4.4.1-3.rhaos4.13.el9 | * |
Libpod | Ubuntu | kinetic | * |
Libpod | Ubuntu | lunar | * |
Libpod | Ubuntu | mantic | * |
Libpod | Ubuntu | trusty | * |
Libpod | Ubuntu | xenial | * |