CVE-2023-0778 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-0778

CVE-2023-0778

March 27, 2023

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

Related Resources (9)

https://bugzilla.redhat.com/show_bug.cgi?id=2168256

https://pkg.go.dev/vuln/GO-2023-1681

https://access.redhat.com/security/cve/CVE-2023-0778

https://github.com/containers/podman

https://github.com/containers/podman/pull/17532

https://github.com/containers/podman/pull/17528

https://github.com/advisories/GHSA-qwqv-rqgf-8qh8

https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8

https://nvd.nist.gov/vuln/detail/CVE-2023-0778

Do you need more information?

CVSS v4

Base Score:

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Weakness Type (CWE)

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

EPSS

Base Score:

0.10

Products

Solutions

Resources

Company

Compare

Developer Tools