CVE-2023-0778
Published: August 31, 2023Last modified: August 31, 2023
Description
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack Vector | NETWORK |
Attack complexity | HIGH |
Privileges required | LOW |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | HIGH |
Integrity impact | HIGH |
Availability impact | NONE |
Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | Stream | podman | Not affected (4.6.2-r0) |