Podman/Varlink 1.5.1 API Privilege Escalation

Det var en kritisksvag punkt som finns i Podman and Varlink 1.5.1. Som påverkar en okänd funktion av komponenten API. Manipulering en okänd ingång leder till en sårbarhet klass Privilege Escalation svag punkt. Den rådgivande finns tillgänglig för nedladdning på exploit-db.com. Denna svaga punkt är känd som CVE-2019-25067. Attacken på nätet kan. Han deklarerade proof-of-concept. Den exploit kan laddas ner från exploit-db.com. En möjlig åtgärd har utfärdats före och inte bara efter offentliggörandet.

Fält17/01/2024 08:4117/01/2024 08:4516/02/2024 05:39
namePodman/VarlinkPodman/VarlinkPodman/Varlink
version1.5.11.5.11.5.1
componentAPIAPIAPI
risk222
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore5.15.15.1
cvss2_vuldb_avNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore6.37.17.1
cvss3_meta_tempscore5.76.96.9
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.75.75.7
cvss3_vuldb_avNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
date1571097600 (15/10/2019)1571097600 (15/10/2019)1571097600 (15/10/2019)
locationExploit-DBExploit-DBExploit-DB
typeExploitExploitExploit
urlhttps://www.exploit-db.com/exploits/47500https://www.exploit-db.com/exploits/47500https://www.exploit-db.com/exploits/47500
identifierEDB-ID 47500EDB-ID 47500EDB-ID 47500
person_nameJeremy BrownJeremy BrownJeremy Brown
availability111
date1571097600 (15/10/2019)1571097600 (15/10/2019)1571097600 (15/10/2019)
publicity111
urlhttps://www.exploit-db.com/exploits/47500https://www.exploit-db.com/exploits/47500https://www.exploit-db.com/exploits/47500
developer_nameJeremy BrownJeremy BrownJeremy Brown
languagePythonPythonPython
price_0day$0-$5k$0-$5k$0-$5k
exploitdb475004750047500
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcURURUR
cvss3_vuldb_ePPP
cvss3_vuldb_rlXXX
cvss3_vuldb_rcRRR
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
exploitdb_date1571097600 (15/10/2019)1571097600 (15/10/2019)1571097600 (15/10/2019)
cwe000
cveCVE-2019-25067CVE-2019-25067CVE-2019-25067
responsibleVulDBVulDBVulDB
cve_assigned1654293600 (04/06/2022)1654293600 (04/06/2022)1654293600 (04/06/2022)
cve_nvd_summaryA vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cLL
cvss3_cna_iLL
cvss3_cna_aLL
cve_cnaVulDBVulDB
cvss2_nvd_basescore6.56.5
cvss3_nvd_basescore8.88.8
cvss3_cna_basescore6.36.3
mischttps://github.com/containers/podman/issues/21628

TidigareÖversiktNästa

Want to stay up to date on a daily basis?

Enable the mail alert feature now!