Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2022-4816.NASLHistoryMay 31, 2022 - 12:00 a.m.
RHEL 8 : container-tools:3.0 (RHSA-2022:4816)
2022-05-3100:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
64.9%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4816 advisory.
-
psgo: Privilege escalation in ‘podman top’ (CVE-2022-1227)
-
podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)
-
buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:4816. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(161719);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");
script_cve_id("CVE-2022-1227", "CVE-2022-27649", "CVE-2022-27651");
script_xref(name:"RHSA", value:"2022:4816");
script_name(english:"RHEL 8 : container-tools:3.0 (RHSA-2022:4816)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for container-tools:3.0.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:4816 advisory.
- psgo: Privilege escalation in 'podman top' (CVE-2022-1227)
- podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)
- buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_4816.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1af68722");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:4816");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1972343");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2066568");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2066840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070368");
script_set_attribute(attribute:"solution", value:
"Update the RHEL container-tools:3.0 package based on the guidance in RHSA-2022:4816.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1227");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(276, 281);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/04");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:8.4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:conmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:container-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:crit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:crun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libslirp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libslirp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:oci-seccomp-bpf-hook");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-catatonit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-remote");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:toolbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:udica");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var appstreams = {
'container-tools:3.0': [
{
'repo_relative_urls': [
'content/aus/rhel8/8.4/x86_64/appstream/debug',
'content/aus/rhel8/8.4/x86_64/appstream/os',
'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',
'content/e4s/rhel8/8.4/aarch64/appstream/debug',
'content/e4s/rhel8/8.4/aarch64/appstream/os',
'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',
'content/e4s/rhel8/8.4/ppc64le/appstream/debug',
'content/e4s/rhel8/8.4/ppc64le/appstream/os',
'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',
'content/e4s/rhel8/8.4/s390x/appstream/debug',
'content/e4s/rhel8/8.4/s390x/appstream/os',
'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',
'content/e4s/rhel8/8.4/x86_64/appstream/debug',
'content/e4s/rhel8/8.4/x86_64/appstream/os',
'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',
'content/eus/rhel8/8.4/aarch64/appstream/debug',
'content/eus/rhel8/8.4/aarch64/appstream/os',
'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',
'content/eus/rhel8/8.4/ppc64le/appstream/debug',
'content/eus/rhel8/8.4/ppc64le/appstream/os',
'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',
'content/eus/rhel8/8.4/s390x/appstream/debug',
'content/eus/rhel8/8.4/s390x/appstream/os',
'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',
'content/eus/rhel8/8.4/x86_64/appstream/debug',
'content/eus/rhel8/8.4/x86_64/appstream/os',
'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',
'content/tus/rhel8/8.4/x86_64/appstream/debug',
'content/tus/rhel8/8.4/x86_64/appstream/os',
'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS'
],
'pkgs': [
{'reference':'buildah-1.19.9-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.19.9-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cockpit-podman-29-2.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'conmon-2.0.26-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'container-selinux-2.167.0-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'containernetworking-plugins-0.9.1-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containers-common-1.2.2-8.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'crit-3.15-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.15-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-0.18-2.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.4.0-2.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.3.1-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.3.1-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-1.2.0-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-3.0.1-9.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-3.0.1-9.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-docker-3.0.1-9.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-3.0.1-9.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-3.0.1-9.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-3.0.1-9.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.15-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.0.0-76.rc95.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-1.2.2-8.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-tests-1.2.2-8.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'slirp4netns-1.1.8-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-0.0.8-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'udica-0.2.4-1.module+el8.4.0+14872+9efa52a3', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
]
};
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:3.0');
if ('3.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var module_array ( appstreams[module] ) {
var repo_relative_urls = NULL;
if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];
foreach var package_array ( module_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:3.0');
if (flag)
{
var subscription_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in the Red Hat Enterprise Linux\n' +
'Extended Update Support repository.\n' +
'Access to this repository requires a paid RHEL subscription.\n';
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();
else extra = subscription_caveat + rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-tests / cockpit-podman / conmon / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | rhel_eus | 8.4 | cpe:/o:redhat:rhel_eus:8.4 |
| redhat | enterprise_linux | buildah | p-cpe:/a:redhat:enterprise_linux:buildah |
| redhat | enterprise_linux | buildah-tests | p-cpe:/a:redhat:enterprise_linux:buildah-tests |
| redhat | enterprise_linux | cockpit-podman | p-cpe:/a:redhat:enterprise_linux:cockpit-podman |
| redhat | enterprise_linux | conmon | p-cpe:/a:redhat:enterprise_linux:conmon |
| redhat | enterprise_linux | container-selinux | p-cpe:/a:redhat:enterprise_linux:container-selinux |
| redhat | enterprise_linux | containernetworking-plugins | p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins |
| redhat | enterprise_linux | containers-common | p-cpe:/a:redhat:enterprise_linux:containers-common |
| redhat | enterprise_linux | crit | p-cpe:/a:redhat:enterprise_linux:crit |
| redhat | enterprise_linux | criu | p-cpe:/a:redhat:enterprise_linux:criu |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27649
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27651
www.nessus.org/u?1af68722
access.redhat.com/errata/RHSA-2022:4816
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1972343
bugzilla.redhat.com/show_bug.cgi?id=2066568
bugzilla.redhat.com/show_bug.cgi?id=2066840
bugzilla.redhat.com/show_bug.cgi?id=2070368
Related
nessus
nessus
RHEL 8 : container-tools:2.0 (RHSA-2022:4651)
2022-05-19 00:00:00
RHEL 8 : container-tools:2.0 (RHSA-2022:1566)
2022-04-27 00:00:00
CentOS 8 : container-tools:2.0 (CESA-2022:1566)
2022-04-27 00:00:00
redhat
redhat
(RHSA-2022:4651) Important: container-tools:2.0 security update
2022-05-18 12:25:20
(RHSA-2022:4816) Important: container-tools:3.0 security update
2022-05-31 09:59:42
(RHSA-2022:1565) Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
osv
osv
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
rocky
rocky
container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
container-tools:2.0 security update
2022-04-26 13:51:50
container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
oraclelinux
oraclelinux
container-tools:2.0 security update
2022-04-28 00:00:00
container-tools:3.0 security and bug fix update
2022-04-28 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2022-05-17 00:00:00
almalinux
almalinux
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 4.0.3-alt1
2022-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: podman-3.4.7-1.fc35
2022-04-29 07:11:23
[SECURITY] Fedora 34 Update: podman-3.4.7-1.fc34
2022-05-14 01:24:16
[SECURITY] Fedora 35 Update: buildah-1.23.3-2.fc35
2022-04-07 15:26:50
openvas
openvas
Fedora: Security Advisory for podman (FEDORA-2022-c87047f163)
2022-04-30 00:00:00
Fedora: Security Advisory for podman (FEDORA-2022-5e637f6cc6)
2022-05-15 00:00:00
Fedora: Security Advisory for buildah (FEDORA-2022-224a93852c)
2022-04-08 00:00:00
veracode
veracode
Privilege Escalation
2022-04-06 08:53:19
Denial Of Service (DoS)
2022-04-02 08:56:27
Denial Of Service (DoS)
2022-04-21 17:05:02
alpinelinux
alpinelinux
ubuntucve
ubuntucve
cve
cve
suse
suse
Security update for buildah (moderate)
2022-04-27 00:00:00
Security update for buildah (moderate)
2022-08-05 00:00:00
Security update for podman (important)
2022-08-18 00:00:00
nvd
nvd
cbl_mariner
cbl_mariner
CVE-2022-27649 affecting package podman for versions less than 4.1.1-1
2022-08-03 21:00:10
CVE-2022-27651 affecting package buildah 1.18.0-24
2024-07-03 03:08:37
CVE-2022-27651 affecting package buildah for versions less than 1.18.0-8
2023-02-14 22:19:20
prion
prion
Default credentials
2022-04-04 20:15:00
Design/Logic Flaw
2022-04-04 20:15:00
Information disclosure
2022-04-29 16:15:00
cvelist
cvelist
github
github
Podman's default inheritable capabilities for linux container not empty
2022-04-01 20:52:29
Non-empty default inheritable capabilities for linux container in Buildah
2022-04-01 13:56:42
Podman publishes a malicious image to public registries
2022-04-30 00:00:35
redos
redos
ROS-20230710-01
2023-07-10 00:00:00
debiancve
debiancve
cnvd
cnvd
Podman lifting vulnerability
2022-04-24 00:00:00
githubexploit
githubexploit
Exploit for Improper Preservation of Permissions in Podman Project Podman
2023-04-01 07:28:15
redhatcve
redhatcve
rosalinux
rosalinux
Advisory ROSA-SA-2023-2227
2023-09-05 09:31:53
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
64.9%
Related for REDHAT-RHSA-2022-4816.NASL