| id: GO-2022-0416 |
| modules: |
| - module: github.com/containers/podman |
| vulnerable_at: 1.9.3 |
| - module: github.com/containers/podman/v2 |
| vulnerable_at: 2.2.1 |
| - module: github.com/containers/podman/v3 |
| vulnerable_at: 3.4.7 |
| - module: github.com/containers/podman/v4 |
| versions: |
| - fixed: 4.0.3 |
| vulnerable_at: 4.0.2 |
| summary: Podman's default inheritable capabilities for linux container not empty in github.com/containers/podman |
| cves: |
| - CVE-2022-27649 |
| ghsas: |
| - GHSA-qvf8-p83w-v58j |
| references: |
| - advisory: https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-27649 |
| - fix: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 |
| - web: https://bugzilla.redhat.com/show_bug.cgi?id=2066568 |
| - web: https://github.com/containers/podman/releases/tag/v4.0.3 |
| - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3 |
| - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ |
| - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX |
| source: |
| id: GHSA-qvf8-p83w-v58j |
| created: 2024-08-20T13:54:01.273668-04:00 |
| review_status: UNREVIEWED |
| unexcluded: EFFECTIVELY_PRIVATE |
