Fluid Attacks Database

Description

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libpod	>=0 <3.0.0+dfsg1-1	3.0.0+dfsg1-1
debian 12	libpod	>=0 <3.0.0+dfsg1-1	3.0.0+dfsg1-1
rpm rhel7	podman	-	-
rpm rhel8	podman	-	-

Aliases

1. CVE-2019-250672. NVD-2019-250673. OSV-DEBIAN-2019-250674. OSV-2019-250675. SECURITY-TRACKER-CVE-2019-25067

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.