{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1227", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T23:55:24.597Z", "dateReserved": "2022-04-04T00:00:00", "datePublished": "2022-04-29T15:45:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-06-28T16:06:02.042339"}, "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."}], "affected": [{"vendor": "n/a", "product": "psgo", "versions": [{"version": "podman 4.0, psgo 1.7.2", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"}, {"url": "https://github.com/containers/podman/issues/10941"}, {"name": "FEDORA-2022-5e637f6cc6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0001/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-281", "cweId": "CWE-281"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.597Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368", "tags": ["x_transferred"]}, {"url": "https://github.com/containers/podman/issues/10941", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-5e637f6cc6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"url": "https://security.netapp.com/advisory/ntap-20240628-0001/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:podman_project:podman:*:*:*:*:*:*:*:*", "matchCriteriaId": "027F4117-F10C-4D9A-9977-BEB6146AA10A", "versionEndExcluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:psgo_project:psgo:*:*:*:*:*:go:*:*", "matchCriteriaId": "2C4F3011-92CB-4A09-B338-6ECFA13989E3", "versionEndExcluding": "1.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "60937D60-6B78-400F-8D30-7FCF328659A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D4C9BAAE-9D03-4351-B91A-4F01B5C5B131", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "4063768E-67FA-4940-8A0C-101C1EFD0D7E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "B3D5812D-20DB-4605-9BEA-ED20FAAE673A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."}, {"lang": "es", "value": "Se ha encontrado un fallo de escalada de privilegios en Podman. Este fallo permite a un atacante publicar una imagen maliciosa en un registro p\u00fablico. Una vez que esta imagen es descargada por una v\u00edctima potencial, la vulnerabilidad es desencadenada despu\u00e9s de que un usuario ejecute el comando \"podman top\". Esta acci\u00f3n da al atacante acceso al sistema de archivos del host, conllevando a una divulgaci\u00f3n de informaci\u00f3n o la denegaci\u00f3n de servicio"}], "id": "CVE-2022-1227", "lastModified": "2024-06-28T16:15:03.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-29T16:15:08.753", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/containers/podman/issues/10941"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20240628-0001/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-281"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Aleksa Sarai (SUSE) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:2190", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "podman-0:1.6.4-32.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:1762", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8060020220401155929.2e213529", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:2143", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:3.0-8060020220419093427.3b538bd8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2022:4651", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "container-tools:2.0-8020020220420173758.28c38760", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-05-18T00:00:00Z"}, {"advisory": "RHSA-2022:4816", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "container-tools:3.0-8040020220419093313.c0c392d5", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-05-31T00:00:00Z"}, {"advisory": "RHSA-2022:5622", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "container-tools:rhel8-8040020220623181602.c0c392d5", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:2263", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "podman-0:1.9.3-5.rhaos4.6.el8", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2022-05-26T00:00:00Z"}], "bugzilla": {"description": "psgo: Privilege escalation in 'podman top'", "id": "2070368", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-281", "details": ["A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.", "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service."], "name": "CVE-2022-1227", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:2.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Under investigation", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/file-integrity-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-machine-config-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2021-07-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1227\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1227\nhttps://github.com/containers/podman/issues/10941"], "threat_severity": "Important", "upstream_fix": "psgo 1.7.2, podman 4.0"}