CVE-2020-1726
podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
Se detectó un fallo en Podman donde permite incorrectamente que los contenedores cuando se crean sobrescriban los archivos existentes en volúmenes, incluso si están montados como de solo lectura. Cuando un usuario ejecuta un contenedor malicioso o un contenedor basado en una imagen maliciosa con un volumen adjunto que se usa por primera vez, es posible desencadenar el fallo y sobrescribir archivos en el volumen. Este problema fue introducido en la versión 1.6.0.
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2020-02-11 CVE Published
- 2023-12-16 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-552: Files or Directories Accessible to External Parties
CAPEC
References (6)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726 | 2023-02-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libpod Project Search vendor "Libpod Project" | Libpod Search vendor "Libpod Project" for product "Libpod" | 1.6.0 Search vendor "Libpod Project" for product "Libpod" and version "1.6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 4.3 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
|