podman up to 1.6.x Container authorization

admin

0
文章

0
评论

2023-12-01 16:19:28 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 podman up to 1.6.x Container authorization

CVE编号

CVE-2021-20188

利用情况

暂无

补丁情况

官方补丁

披露时间

2021-02-12

漏洞描述

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://bugzilla.redhat.com/show_bug.cgi?id=1915734

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	podman_project	podman	*		Up to (excluding) 1.7.0
	运行在以下环境
	应用	redhat	openshift_container_platform	3.11	-
	运行在以下环境
	系统	anolis_os_8	toolbox	*		Up to (excluding) 3.12-9
	运行在以下环境
	系统	anolis_os_8.2	podman-tests	*		Up to (excluding) 0.2.1-2
	运行在以下环境
	系统	centos_7	podman-docker	*		Up to (excluding) 1.6.4-29.el7_9
	运行在以下环境
	系统	centos_8	fuse-overlayfs-debuginfo	*		Up to (excluding) 1.9.3-2.module+el8.2.1+6867+366c07d6
	运行在以下环境
	系统	debian_11	libpod	*		Up to (excluding) 2.0.2+dfsg1-3
	运行在以下环境
	系统	debian_12	libpod	*		Up to (excluding) 2.0.2+dfsg1-3
	运行在以下环境
	系统	debian_sid	libpod	*		Up to (excluding) 2.0.2+dfsg1-3
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	podman	*		Up to (excluding) 0.10.1-8.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	podman	*		Up to (excluding) 0.10.1-8.ky10
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 1.11.6-8.0.1.module+el8.3.0+9670+b9fad87d
	运行在以下环境
	系统	redhat_7	podman-docker	*		Up to (excluding) 1.6.4-29.el7_9
	运行在以下环境
	系统	redhat_8	fuse-overlayfs-debuginfo	*		Up to (excluding) 1.9.3-2.module+el8.2.1+6867+366c07d6