Description
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856
Patch, Third Party Advisory x_refsource_confirm
https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2037
Scores
CVSS v3
5.3
EPSS
0.0088
EPSS Percentile
54.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-250
CWE-732
Status
published
Products (2)
containers/podman
0 - 0.6.1Go
libpod_project/libpod
< 0.6.1
Published
Jul 03, 2018
Tracked Since
Feb 18, 2026