{
  "threat_severity" : "Important",
  "public_date" : "2021-07-15T00:00:00Z",
  "bugzilla" : {
    "description" : "psgo: Privilege escalation in 'podman top'",
    "id" : "2070368",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2070368"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-281",
  "details" : [ "A privilege escalation flaw was found in Podman. An attacker can publish a malicious image to a public registry; once a potential victim downloads that image, the vulnerability is triggered when the user runs the 'podman top' command. This gives the attacker access to the host filesystem, leading to information disclosure or denial of service.", "A privilege escalation flaw was found in Podman. An attacker can publish a malicious image to a public registry; once a potential victim downloads that image, the vulnerability is triggered when the user runs the 'podman top' command. This gives the attacker access to the host filesystem, leading to information disclosure or denial of service." ],
  "acknowledgement" : "Red Hat would like to thank Aleksa Sarai (SUSE) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extras",
    "release_date" : "2022-05-11T00:00:00Z",
    "advisory" : "RHSA-2022:2190",
    "cpe" : "cpe:/a:redhat:rhel_extras_other:7",
    "package" : "podman-0:1.6.4-32.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1762",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "container-tools:rhel8-8060020220401155929.2e213529"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:2143",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "container-tools:3.0-8060020220419093427.3b538bd8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-05-18T00:00:00Z",
    "advisory" : "RHSA-2022:4651",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "container-tools:2.0-8020020220420173758.28c38760"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-05-31T00:00:00Z",
    "advisory" : "RHSA-2022:4816",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4",
    "package" : "container-tools:3.0-8040020220419093313.c0c392d5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5622",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4",
    "package" : "container-tools:rhel8-8040020220623181602.c0c392d5"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2022-05-26T00:00:00Z",
    "advisory" : "RHSA-2022:2263",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "podman-0:1.9.3-5.rhaos4.6.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "container-tools:2.0/podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "container-tools:4.0/conmon",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "container-tools:4.0/podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "conmon",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "cri-o",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/cnf-tests-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openshift4/file-integrity-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-machine-config-operator",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Affected",
    "package_name" : "quay/quay-builder-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-1227\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1227\nhttps://github.com/containers/podman/issues/10941" ],
  "name" : "CVE-2022-1227",
  "csaw" : false
}