x/vulndb: potential Go vuln in github.com/containers/libpod: GHSA-9h63-7qf6-mv6r #641

julieqiu · 2022-08-01T18:19:10Z

In GitHub Security Advisory GHSA-9h63-7qf6-mv6r, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/containers/libpod	1.7.0	< 1.7.0

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/containers/libpod
    versions:
      - fixed: 1.7.0
description: A flaw was found in podman before 1.7.0. File permissions for non-root
    users running in a privileged container are not correctly checked. This flaw can
    be abused by a low-privileged user inside the container to access any other file
    in the container, even if owned by the root user inside the container. It does
    not allow to directly escape the container, though being a privileged container
    means that a lot of security features are disabled when running the container.
    The highest threat from this vulnerability is to data confidentiality and integrity
    as well as system availability.
published: 2021-05-18T18:33:12Z
last_modified: 2021-05-18T18:33:12Z
cves:
  - CVE-2021-20188
ghsas:
  - GHSA-9h63-7qf6-mv6r
links:
    context:
      - https://github.com/advisories/GHSA-9h63-7qf6-mv6r

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-06-14T19:55:04Z

Change https://go.dev/cl/592770 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:37:51Z

Change https://go.dev/cl/607222 mentions this issue: data/reports: unexclude 20 reports (20)

- data/reports/GO-2022-0609.yaml - data/reports/GO-2022-0611.yaml - data/reports/GO-2022-0612.yaml - data/reports/GO-2022-0615.yaml - data/reports/GO-2022-0616.yaml - data/reports/GO-2022-0617.yaml - data/reports/GO-2022-0618.yaml - data/reports/GO-2022-0620.yaml - data/reports/GO-2022-0622.yaml - data/reports/GO-2022-0623.yaml - data/reports/GO-2022-0625.yaml - data/reports/GO-2022-0626.yaml - data/reports/GO-2022-0630.yaml - data/reports/GO-2022-0631.yaml - data/reports/GO-2022-0632.yaml - data/reports/GO-2022-0634.yaml - data/reports/GO-2022-0636.yaml - data/reports/GO-2022-0638.yaml - data/reports/GO-2022-0640.yaml - data/reports/GO-2022-0641.yaml Updates #609 Updates #611 Updates #612 Updates #615 Updates #616 Updates #617 Updates #618 Updates #620 Updates #622 Updates #623 Updates #625 Updates #626 Updates #630 Updates #631 Updates #632 Updates #634 Updates #636 Updates #638 Updates #640 Updates #641 Change-Id: I9fc909832a7e4eb1d23e5eee482674e307e3ee5c Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607222 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

julieqiu assigned zpavlinovic Aug 3, 2022

zpavlinovic removed their assignment Aug 15, 2022

julieqiu assigned neild Aug 15, 2022

julieqiu added the NeedsTriage label Aug 15, 2022

julieqiu assigned zpavlinovic and unassigned neild Aug 22, 2022

zpavlinovic added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Aug 22, 2022

zpavlinovic closed this as completed Aug 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/containers/libpod: GHSA-9h63-7qf6-mv6r #641

x/vulndb: potential Go vuln in github.com/containers/libpod: GHSA-9h63-7qf6-mv6r #641

julieqiu commented Aug 1, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/containers/libpod: GHSA-9h63-7qf6-mv6r #641

x/vulndb: potential Go vuln in github.com/containers/libpod: GHSA-9h63-7qf6-mv6r #641

Comments

julieqiu commented Aug 1, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024