CVE-2019-25067
Podman/Varlink API Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.
Se ha encontrado una vulnerabilidad, clasificada como crítica, en Podman y Varlink versión 1.5.1. Esto afecta a una parte desconocida de la API del componente. La manipulación conlleva a una escalada de privilegios. Es posible iniciar el ataque de forma remota. La explotación ha sido revelada al público y puede ser usada
Es wurde eine kritische Schwachstelle in Podman and Varlink 1.5.1 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Komponente API. Durch die Manipulation mit unbekannten Daten kann eine Remote Privilege Escalation-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-04 CVE Reserved
- 2022-06-09 CVE Published
- 2024-06-05 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/containers/podman/issues/21628 | Issue Tracking | |
https://vuldb.com/?id.143949 | Technical Description |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/47500 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Podman Project Search vendor "Podman Project" | Podman Search vendor "Podman Project" for product "Podman" | 1.5.1 Search vendor "Podman Project" for product "Podman" and version "1.5.1" | - |
Affected
| ||||||
Varlink Search vendor "Varlink" | Varlink Search vendor "Varlink" for product "Varlink" | 1.5.1 Search vendor "Varlink" for product "Varlink" and version "1.5.1" | - |
Affected
|