CVE-2018-10856

NONE EPSS 54.6%
Published Jul 3, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jul 3, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

Threat Intelligence

EPSS Exploit Probability
54.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-250
CWE-732

Affected Products 1

VendorProductVersionRange
libpod_projectlibpod* <0.6.1

References 3

  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:2037
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856
    Issue TrackingThird Party Advisory
  • github.com https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24
    PatchThird Party Advisory