The GitHub patch shows critical modifications to the `setupCapabilities` function in `pkg/spec/spec.go`. The commit message explicitly states the need to 'clear all caps except the bounding set' when `--user` is specified, and the diff adds logic to reset capabilities for non-root users. CWE-732 (Incorrect Permission Assignment) maps directly to this capability retention issue. The test case added in `run_test.go` verifies that capabilities are dropped for non-root users, confirming that this was the vulnerable code path.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/containers/podman | go | < 0.6.1 | 0.6.1 |
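A way to check for the condition described above from inside a container started with `--user`, written as an added example and not taken from the podman patch or its test suite: it parses `/proc/<pid>/status` text and reports which capability sets other than the bounding set are still non-empty for a non-root process. The names `RetainedCaps` and `sample` are hypothetical, and the status text and capability mask are constructed sample input.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// sample builds a constructed /proc/<pid>/status excerpt (not captured data).
func sample(uid int, caps string) string {
	return fmt.Sprintf("Uid:\t%[1]d\t%[1]d\t%[1]d\t%[1]d\nCapInh:\t%[2]s\nCapPrm:\t%[2]s\n"+
		"CapEff:\t%[2]s\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n", uid, caps)
}

// RetainedCaps returns the capability sets, bounding set excluded, that are
// still non-empty for a process whose effective UID is not 0.
func RetainedCaps(status string) ([]string, error) {
	euid, sets := int64(-1), map[string]uint64{}
	var err error
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 5 && f[0] == "Uid:": // real, effective, saved, fs
			euid, err = strconv.ParseInt(f[2], 10, 64)
		case len(f) == 2 && strings.HasPrefix(f[0], "Cap"):
			sets[f[0]], err = strconv.ParseUint(f[1], 16, 64)
		}
		if err != nil {
			return nil, err
		}
	}
	if euid < 0 {
		return nil, fmt.Errorf("no Uid line found in status text")
	}
	var retained []string
	// CapBnd: is deliberately not checked: the fix leaves the bounding set alone.
	for _, k := range []string{"CapInh:", "CapPrm:", "CapEff:", "CapAmb:"} {
		if euid != 0 && sets[k] != 0 {
			retained = append(retained, strings.TrimSuffix(k, ":"))
		}
	}
	return retained, nil
}

func main() {
	fmt.Println(RetainedCaps(sample(1000, "00000000a80425fb"))) // non-root, sets still populated
	fmt.Println(RetainedCaps(sample(1000, "0000000000000000"))) // non-root, sets cleared
}
```

To use it on a live process, pass the contents of `/proc/self/status` read inside the container instead of the constructed sample.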