CVE-2022-1227: Podman publishes a malicious image to public registries

CVSS Score: 8.8 (version 3.1)

Basic Information

EPSS Score: 0.96585%
Published: 4/30/2022
Updated: 9/16/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
github.com/containers/psgo | go | < 1.7.2 | 1.7.2
github.com/containers/podman/v3 | go | < 3.4 | 3.4

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from psgo's namespace handling functions, which executed the container-provided nsenter binary and processed untrusted /proc data without proper isolation. The GitHub patch (containers/psgo#92) specifically modified these functions to remove the nsenter dependency and implement safe user namespace mapping. Podman's 'top' command used these vulnerable psgo functions, creating the privilege escalation path. The CWE-269 mapping confirms improper privilege management in these namespace joining operations.

WAF Protection Rules

WAF Rule

Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerabi…