Lucene search

[email protected]NVD:CVE-2020-1726

HistoryFeb 11, 2020 - 8:15 p.m.

CVE-2020-1726

2020-02-1120:15:12

CWE-552

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

58.7%

JSON

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.

Affected configurations

Nvd

Node

libpod_projectlibpodMatch1.6.0-

Node

redhatopenshift_container_platformMatch4.3

redhatenterprise_linuxMatch8.0

VendorProductVersionCPE
libpod_projectlibpod1.6.0cpe:2.3:a:libpod_project:libpod:1.6.0:-:*:*:*:*:*:*
redhatopenshift_container_platform4.3cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libpod_project	libpod	1.6.0	cpe:2.3:a:libpod_project:libpod:1.6.0:-::::::
redhat	openshift_container_platform	4.3	cpe:2.3:a:redhat:openshift_container_platform:4.3:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*