CVE-2018-10856

MEDIUM

podman <0.6.1 - Privilege Escalation

Title source: llm

Description

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

References (3)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:2037

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856

[Patch, Third Party Advisory] https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 43.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-250 CWE-732

Status published

Affected Products (2)

libpod_project/libpod < 0.6.1

containers/podman < 0.6.1Go

Timeline

Published Jul 03, 2018

Tracked Since Feb 18, 2026