{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"podman security update", "category":"general", "title":"Synopsis" }, { "text":"An update for podman is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library.\n\nSecurity Fix(es):\n\nA flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.(CVE-2022-27649)\n\nAn incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.(CVE-2022-2989)\n\nA Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.(CVE-2023-0778)\n\nIf errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.(CVE-2024-24785)", "category":"general", "title":"Description" }, { "text":"An update for podman is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"podman", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1074", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1074" }, { "summary":"CVE-2022-27649", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-27649&packageName=podman" }, { "summary":"CVE-2022-2989", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-2989&packageName=podman" }, { "summary":"CVE-2023-0778", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-0778&packageName=podman" }, { "summary":"CVE-2024-24785", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24785&packageName=podman" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27649" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2989" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0778" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24785" }, { "summary":"openEuler-SA-2025-1074 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1074.json" } ], "title":"An update for podman is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2025-01-24T21:48:47+08:00", "revision_history":[ { "date":"2025-01-24T21:48:47+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-01-24T21:48:47+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-01-24T21:48:47+08:00", "id":"openEuler-SA-2025-1074", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-3.4.4-8.oe2203sp4.aarch64.rpm", "name":"podman-3.4.4-8.oe2203sp4.aarch64.rpm" }, "name":"podman-3.4.4-8.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-debuginfo-3.4.4-8.oe2203sp4.aarch64.rpm", "name":"podman-debuginfo-3.4.4-8.oe2203sp4.aarch64.rpm" }, "name":"podman-debuginfo-3.4.4-8.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-debugsource-3.4.4-8.oe2203sp4.aarch64.rpm", "name":"podman-debugsource-3.4.4-8.oe2203sp4.aarch64.rpm" }, "name":"podman-debugsource-3.4.4-8.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-gvproxy-3.4.4-8.oe2203sp4.aarch64.rpm", "name":"podman-gvproxy-3.4.4-8.oe2203sp4.aarch64.rpm" }, "name":"podman-gvproxy-3.4.4-8.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-plugins-3.4.4-8.oe2203sp4.aarch64.rpm", "name":"podman-plugins-3.4.4-8.oe2203sp4.aarch64.rpm" }, "name":"podman-plugins-3.4.4-8.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-remote-3.4.4-8.oe2203sp4.aarch64.rpm", "name":"podman-remote-3.4.4-8.oe2203sp4.aarch64.rpm" }, "name":"podman-remote-3.4.4-8.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-3.4.4-8.oe2203sp4.src.rpm", "name":"podman-3.4.4-8.oe2203sp4.src.rpm" }, "name":"podman-3.4.4-8.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-3.4.4-8.oe2203sp4.x86_64.rpm", "name":"podman-3.4.4-8.oe2203sp4.x86_64.rpm" }, "name":"podman-3.4.4-8.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-debuginfo-3.4.4-8.oe2203sp4.x86_64.rpm", "name":"podman-debuginfo-3.4.4-8.oe2203sp4.x86_64.rpm" }, "name":"podman-debuginfo-3.4.4-8.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-debugsource-3.4.4-8.oe2203sp4.x86_64.rpm", "name":"podman-debugsource-3.4.4-8.oe2203sp4.x86_64.rpm" }, "name":"podman-debugsource-3.4.4-8.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-gvproxy-3.4.4-8.oe2203sp4.x86_64.rpm", "name":"podman-gvproxy-3.4.4-8.oe2203sp4.x86_64.rpm" }, "name":"podman-gvproxy-3.4.4-8.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-plugins-3.4.4-8.oe2203sp4.x86_64.rpm", "name":"podman-plugins-3.4.4-8.oe2203sp4.x86_64.rpm" }, "name":"podman-plugins-3.4.4-8.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-remote-3.4.4-8.oe2203sp4.x86_64.rpm", "name":"podman-remote-3.4.4-8.oe2203sp4.x86_64.rpm" }, "name":"podman-remote-3.4.4-8.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-docker-3.4.4-8.oe2203sp4.noarch.rpm", "name":"podman-docker-3.4.4-8.oe2203sp4.noarch.rpm" }, "name":"podman-docker-3.4.4-8.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"podman-help-3.4.4-8.oe2203sp4.noarch.rpm", "name":"podman-help-3.4.4-8.oe2203sp4.noarch.rpm" }, "name":"podman-help-3.4.4-8.oe2203sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-3.4.4-8.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "name":"podman-3.4.4-8.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-debuginfo-3.4.4-8.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "name":"podman-debuginfo-3.4.4-8.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-debugsource-3.4.4-8.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "name":"podman-debugsource-3.4.4-8.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-gvproxy-3.4.4-8.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "name":"podman-gvproxy-3.4.4-8.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-plugins-3.4.4-8.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "name":"podman-plugins-3.4.4-8.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-remote-3.4.4-8.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "name":"podman-remote-3.4.4-8.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-3.4.4-8.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "name":"podman-3.4.4-8.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-3.4.4-8.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "name":"podman-3.4.4-8.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-debuginfo-3.4.4-8.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "name":"podman-debuginfo-3.4.4-8.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-debugsource-3.4.4-8.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "name":"podman-debugsource-3.4.4-8.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-gvproxy-3.4.4-8.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "name":"podman-gvproxy-3.4.4-8.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-plugins-3.4.4-8.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "name":"podman-plugins-3.4.4-8.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-remote-3.4.4-8.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "name":"podman-remote-3.4.4-8.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-docker-3.4.4-8.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "name":"podman-docker-3.4.4-8.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"podman-help-3.4.4-8.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch", "name":"podman-help-3.4.4-8.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-27649", "notes":[ { "text":"A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ], "details":"podman security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1074" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-27649" }, { "cve":"CVE-2022-2989", "notes":[ { "text":"An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ], "details":"podman security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1074" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2022-2989" }, { "cve":"CVE-2023-0778", "notes":[ { "text":"A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ], "details":"podman security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1074" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.8, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-0778" }, { "cve":"CVE-2024-24785", "notes":[ { "text":"If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ], "details":"podman security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1074" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.src", "openEuler-22.03-LTS-SP4:podman-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debuginfo-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-debugsource-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-gvproxy-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-plugins-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-remote-3.4.4-8.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:podman-docker-3.4.4-8.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:podman-help-3.4.4-8.oe2203sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-24785" } ] }