A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2143 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1762 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

  - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
    A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-     empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27649)

  - A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A     vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty     inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27650)

  - A flaw was found in buildah where containers were incorrectly started with non-empty default permissions.
    A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty     inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file     capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the     potential to impact confidentiality and integrity. (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of podman installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1227 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2263 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

  - The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to     crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2834-1 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

  - The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to     crash a server in certain circumstances involving AddHostKey. (CVE-2022-27191)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5622 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4816 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

  - podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)

  - buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2143 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4651 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

  - podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)

  - buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1762 advisory.

  - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
    A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-     empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27649)

  - A flaw was found in buildah where containers were incorrectly started with non-empty default permissions.
    A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty     inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file     capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the     potential to impact confidentiality and integrity. (CVE-2022-27651)

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

  - A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A     vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty     inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27650)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1762 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

  - A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
    A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-     empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27649)

  - A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A     vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty     inheritable Linux process capabilities. This flaw allows an attacker with access to programs with     inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
    (CVE-2022-27650)

  - A flaw was found in buildah where containers were incorrectly started with non-empty default permissions.
    A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty     inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file     capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the     potential to impact confidentiality and integrity. (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2143 advisory.

  - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image     to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered     after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem,     leading to information disclosure or denial of service. (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2190 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2143 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1762 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

  - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package     in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version     1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential     memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an     instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
    not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our     middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
    client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including     removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected     promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method     given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow     a limited set of methods. (CVE-2022-21698)

  - podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)

  - crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)

  - buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:2143 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1762 advisory.

  - psgo: Privilege escalation in 'podman top' (CVE-2022-1227)

  - prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

  - podman: Default inheritable capabilities for linux container should be empty (CVE-2022-27649)

  - crun: Default inheritable capabilities for linux container should be empty (CVE-2022-27650)

  - buildah: Default inheritable capabilities for linux container should be empty (CVE-2022-27651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
184865	Rocky Linux 8 : container-tools:3.0 (RLSA-2022:2143)	Nessus	Rocky Linux Local Security Checks	high
184630	Rocky Linux 8 : container-tools:rhel8 (RLSA-2022:1762)	Nessus	Rocky Linux Local Security Checks	high
173609	CBL Mariner 2.0 Security Update: podman (CVE-2022-1227)	Nessus	MarinerOS Local Security Checks	high
164875	RHEL 8 : OpenShift Container Platform 4.6.58 packages and (RHSA-2022:2263)	Nessus	Red Hat Local Security Checks	high
164314	SUSE SLES15 Security Update : podman (SUSE-SU-2022:2839-1)	Nessus	SuSE Local Security Checks	high
164263	SUSE SLES15 Security Update : podman (SUSE-SU-2022:2834-1)	Nessus	SuSE Local Security Checks	high
163303	RHEL 8 : container-tools:rhel8 (RHSA-2022:5622)	Nessus	Red Hat Local Security Checks	high
161719	RHEL 8 : container-tools:3.0 (RHSA-2022:4816)	Nessus	Red Hat Local Security Checks	high
161382	Oracle Linux 8 : container-tools:3.0 (ELSA-2022-2143)	Nessus	Oracle Linux Local Security Checks	high
161361	RHEL 8 : container-tools:2.0 (RHSA-2022:4651)	Nessus	Red Hat Local Security Checks	high
161275	Oracle Linux 8 : container-tools:ol8 (ELSA-2022-1762)	Nessus	Oracle Linux Local Security Checks	high
161143	AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:1762)	Nessus	Alma Linux Local Security Checks	high
161097	AlmaLinux 8 : container-tools:3.0 (ALSA-2022:2143)	Nessus	Alma Linux Local Security Checks	high
161076	RHEL 7 : podman (RHSA-2022:2190)	Nessus	Red Hat Local Security Checks	high
161031	RHEL 8 : container-tools:3.0 (RHSA-2022:2143)	Nessus	Red Hat Local Security Checks	high
161023	RHEL 8 : container-tools:rhel8 (RHSA-2022:1762)	Nessus	Red Hat Local Security Checks	high
161004	CentOS 8 : container-tools:3.0 (CESA-2022:2143)	Nessus	CentOS Local Security Checks	high
160967	CentOS 8 : container-tools:rhel8 (CESA-2022:1762)	Nessus	CentOS Local Security Checks	high

Detections

Analytics

CVE-2022-1227

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high