Vulnerability Description
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libpod Project | Libpod | 1.6.0 |
| Redhat | Openshift Container Platform | 4.3 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
- https://access.redhat.com/errata/RHSA-2020:0680
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726Issue TrackingPatchThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00103.html
- https://access.redhat.com/errata/RHSA-2020:0680
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2020-1726?
CVE-2020-1726 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious containe...
How severe is CVE-2020-1726?
CVE-2020-1726 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1726?
Check the references section above for vendor advisories and patch information. Affected products include: Libpod Project Libpod, Redhat Openshift Container Platform, Redhat Enterprise Linux.