DEBIAN-CVE-2020-1726

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-1726

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-1726.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-1726

Upstream

CVE-2020-1726

Published

2020-02-11T20:15:12Z

Modified

2025-09-25T22:40:36Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.

References

https://security-tracker.debian.org/tracker/CVE-2020-1726

Affected packages

Debian:11 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4+dfsg1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4+dfsg1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}