CVE-2020-1726

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1726

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1726.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1726

Aliases

Related

Published

2020-02-11T20:15:12Z

Modified

2024-09-11T04:35:00.452835Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.

References

Affected packages

Debian:11 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4+dfsg1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4+dfsg1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4+dfsg1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/containers/libpod

Affected ranges

Type: GIT
Repo: https://github.com/containers/libpod
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ad42af94903ce4f3c3cd0693e4e17e4286bf094b

Last affected

b02b072832cac26d7cc468d713303843d2935a36

Affected versions

v0.*

v0.10.1

v0.10.1.1

v0.10.1.2

v0.10.1.3

v0.11.1

v0.11.1.1

v0.12.1

v0.12.1.1

v0.12.1.2

v0.2

v0.2.1

v0.2.2

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.1

v0.8.2

v0.8.2.1

v0.8.3

v0.8.4

v0.8.5

v0.9.1

v0.9.1.1

v0.9.2

v0.9.2.1

v0.9.3

v0.9.3.1

v1.*

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.5.0

v1.5.1

v1.6.0

v1.6.0-rc1

v1.6.0-rc2

v1.6.1

v1.6.1-rc1

v1.6.2

v1.6.2-rc1

v1.7.0

v1.7.0-rc1

v1.7.0-rc2

v1.8.0

v1.8.0-rc1

v1.8.1

v1.8.1-rc1

v1.8.1-rc2

v1.8.1-rc3

v1.8.1-rc4

v1.8.2

v1.8.2-rc1

v1.9.0

v1.9.0-rc1

v1.9.0-rc2

v2.*

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.0-rc6

v2.0.0-rc7

v2.1.0

v2.1.0-rc1

v2.1.0-rc2

v2.2.0-rc1

v2.2.0-rc2

v3.*

v3.1.0-rc1

v3.2.0-rc1

v4.*

v4.0.0-rc1

v4.0.0-rc2

v4.3.0

v4.3.0-rc1