CVE-2022-1227 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2022-1227?

CVE-2022-1227 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1227?

Check the references section above for vendor advisories and patch information. Affected products include: Podman Project Podman, Psgo Project Psgo, Redhat Developer Tools, Redhat Enterprise Linux Server Update Services For Sap Solutions, Redhat Openshift Container Platform.

Vulnerability Description

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Podman Project	Podman	< 4.0.0
Psgo Project	Psgo	< 1.7.2
Redhat	Developer Tools	1.0
Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.6
Redhat	Openshift Container Platform	4.0
Redhat	Quay	3.0.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux For Ibm Z Systems	7.0
Redhat	Enterprise Linux For Power Little Endian	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6
Redhat	Enterprise Linux Server Tus	8.6
Redhat	Enterprise Linux Workstation	7.0
Fedoraproject	Fedora	34

Related Weaknesses (CWE)

CWE-269 CWE-281

References

https://bugzilla.redhat.com/show_bug.cgi?id=2070368Issue TrackingThird Party Advisory
https://github.com/containers/podman/issues/10941ExploitIssue TrackingThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.netapp.com/advisory/ntap-20240628-0001/
https://bugzilla.redhat.com/show_bug.cgi?id=2070368Issue TrackingThird Party Advisory
https://github.com/containers/podman/issues/10941ExploitIssue TrackingThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.netapp.com/advisory/ntap-20240628-0001/

FAQ

What is CVE-2022-1227?

CVE-2022-1227 is a vulnerability with a CVSS score of 8.8 (HIGH). A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability ...

How severe is CVE-2022-1227?

CVE-2022-1227 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1227?

Check the references section above for vendor advisories and patch information. Affected products include: Podman Project Podman, Psgo Project Psgo, Redhat Developer Tools, Redhat Enterprise Linux Server Update Services For Sap Solutions, Redhat Openshift Container Platform.