CVE-2020-1726
Podman has Files or Directories Accessible to External Parties in github.com/containers/libpod
5.9
MEDIUM
CVSS 3.1
EPSS 0.45%
Description
A flaw was discovered in Podman where containers, when created, are incorrectly allowed to overwrite existing files in volumes, even if the volumes are mounted as read-only. When a user runs a malicious container, or a container based on a malicious image, with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0.
How to fix CVE-2020-1726
To remediate CVE-2020-1726, upgrade the affected package to a fixed version below.
- upgrade to 1.6.4+dfsg1-3 or later
- no fix listed
- upgrade to 2.0.6 or later
- upgrade to 2.0.6 or later
- upgrade to 2.0.6 or later
Is CVE-2020-1726 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 1.6.4+dfsg1-3
- >= 1.6.0
- from 0, < 2.0.6
- >= 1.6.0, < 2.0.6
- from 0, < 2.0.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |