CVE-2021-20188 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-20188 Interim 1 22 2023-06-24T23:35:27Z current 2021-05-30T14:47:03Z 2023-06-24T23:35:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-20188 A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Manager Retail Branch Server 4.0 SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Manager Server 4.0 SUSE Linux Enterprise Module for Containers 15 SP2 podman podman-cni-config podman as a component of SUSE CaaS Platform 4.0 podman-cni-config as a component of SUSE CaaS Platform 4.0 podman as a component of SUSE Enterprise Storage 6 podman as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS podman-cni-config as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS podman as a component of SUSE Linux Enterprise Module for Containers 15 SP1 podman-cni-config as a component of SUSE Linux Enterprise Module for Containers 15 SP1 podman as a component of SUSE Linux Enterprise Module for Containers 15 SP2 podman-cni-config as a component of SUSE Linux Enterprise Module for Containers 15 SP2 podman as a component of SUSE Linux Enterprise Server 15 SP1-LTSS podman-cni-config as a component of SUSE Linux Enterprise Server 15 SP1-LTSS podman as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 podman as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 podman-cni-config as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 podman as a component of SUSE Manager Proxy 4.0 podman as a component of SUSE Manager Retail Branch Server 4.0 podman as a component of SUSE Manager Server 4.0 A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-20188 SUSE CaaS Platform 4.0:podman SUSE CaaS Platform 4.0:podman-cni-config SUSE Enterprise Storage 6:podman SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:podman SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:podman-cni-config SUSE Linux Enterprise Module for Containers 15 SP1:podman SUSE Linux Enterprise Module for Containers 15 SP1:podman-cni-config SUSE Linux Enterprise Module for Containers 15 SP2:podman SUSE Linux Enterprise Module for Containers 15 SP2:podman-cni-config SUSE Linux Enterprise Server 15 SP1-LTSS:podman SUSE Linux Enterprise Server 15 SP1-LTSS:podman-cni-config SUSE Linux Enterprise Server Business Critical Linux 15 SP1:podman SUSE Linux Enterprise Server for SAP Applications 15 SP1:podman SUSE Linux Enterprise Server for SAP Applications 15 SP1:podman-cni-config SUSE Manager Proxy 4.0:podman SUSE Manager Retail Branch Server 4.0:podman SUSE Manager Server 4.0:podman moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H