HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-1227

CVSS 8.8v3.1pub. 2022-04-29upd. 2024-11-21

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Fedora Project Fedora

    OS
    Fedoraproject
    3435
  • Podman Project Podman

    APP
    Podman Project
    < 4.0.0
  • Psgo Project Psgo

    APP
    Psgo Project
    < 1.7.2
  • Red Hat Developer Tools

    APP
    Redhat
    1.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    7.08.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    8.6
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    7.08.6
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    7.08.6
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    8.6
  • Red Hat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

    OS
    Redhat
    8.6
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    8.6
  • Red Hat Enterprise Linux Server Update Services For Sap Solutions

    APP
    Redhat
    8.6
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    7.0
  • Red Hat OpenShift Container Platform

    APP
    Redhat
    4.0
  • Red Hat Quay

    APP
    Redhat
    3.0.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPEDoS
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML

CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)

CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt

Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox