CVE-2023-0778

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

Published: Mar 27, 2023
Updated: May 9, 2024
CVE: CVE-2023-0778
GHSA: GHSA-qwqv-rqgf-8qh8
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
github.com/containers/podman/v4	-	4.4.2

https://access.redhat.com/security/cve/CVE-2023-0778
https://bugzilla.redhat.com/show_bug.cgi?id=2168256
https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8
https://github.com/containers/podman/pull/17528
https://github.com/containers/podman/pull/17532
https://pkg.go.dev/vuln/GO-2023-1681

Vulnerability Database

289,599

CVE-2023-0778