CVE-2022-1227

HIGH

Podman < 4.0.0 - Improper Privilege Management

Title source: rule

Description

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Exploits (1)

nomisec WORKING POC 1 stars
by LouisLiuNova · poc
https://github.com/LouisLiuNova/CVE-2022-1227_Exploit

Scores

CVSS v3 8.8
EPSS 0.3372
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-269 CWE-281
Status published
Products (22)
containers/podman 0 - 3.4 (Go)
containers/psgo 0 - 1.7.2 (Go)
fedoraproject/fedora 34
fedoraproject/fedora 35
podman_project/podman < 4.0.0
psgo_project/psgo < 1.7.2
redhat/developer_tools 1.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux_eus 8.6
... and 12 more
Published Apr 29, 2022
Tracked Since Feb 18, 2026