PT-2026-5222 · Red Hat · Podman-Desktop
B0B0Haha
Published 2026-01-28
Updated 2026-03-02
CVE-2026-24835
CVSS v2.0: 9.4 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Podman Desktop versions prior to 1.25.1
Description
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass allows any extension to circumvent permission checks and gain unauthorized access to all authentication sessions. The isAccessAllowed() function unconditionally returns true, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization.
Recommendations
Update Podman Desktop to version 1.25.1 or later.
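The flaw class from the description, shown as an added example that is not Podman Desktop source code: a session broker whose isAccessAllowed() always returns true, next to a default-deny version that also records refused requests for review. SessionBroker, buildBroker, the provider and extension ids, and the session data are all hypothetical and constructed for illustration.

```typescript
// Added example: hypothetical session broker, not Podman Desktop source code.
type Session = { providerId: string; account: string; accessToken: string };

class SessionBroker {
  private enforce: boolean;
  private sessions: Session[] = [];
  private owners = new Map<string, string>();       // providerId -> registering extension
  private grants = new Map<string, Set<string>>();  // providerId -> user-approved extensions
  readonly denied: string[] = [];                   // audit trail of refused requests

  constructor(enforce: boolean) { this.enforce = enforce; }

  registerProvider(providerId: string, ownerExtension: string): void {
    this.owners.set(providerId, ownerExtension);
  }
  addSession(s: Session): void { this.sessions.push(s); }
  grant(providerId: string, extensionId: string): void {
    if (!this.grants.has(providerId)) this.grants.set(providerId, new Set<string>());
    this.grants.get(providerId)!.add(extensionId);
  }

  isAccessAllowed(providerId: string, extensionId: string): boolean {
    // Flawed pattern from the description: the check can never say no.
    if (!this.enforce) return true;
    // Default deny: only the provider's owner or an approved extension passes.
    if (this.owners.get(providerId) === extensionId) return true;
    return this.grants.get(providerId)?.has(extensionId) ?? false;
  }

  getSessions(providerId: string, extensionId: string): Session[] {
    if (!this.isAccessAllowed(providerId, extensionId)) {
      this.denied.push(`${extensionId} -> ${providerId}`);
      return [];
    }
    return this.sessions.filter(s => s.providerId === providerId);
  }
}

// Constructed scenario: one provider, one session, one approved extension.
function buildBroker(enforce: boolean): SessionBroker {
  const b = new SessionBroker(enforce);
  b.registerProvider("example-sso", "ext.owner");
  b.addSession({ providerId: "example-sso", account: "dev@example.test", accessToken: "constructed-token" });
  b.grant("example-sso", "ext.approved");
  return b;
}
```

A regression test that requests sessions as an extension with no grant and expects an empty result would catch a check that has been stubbed to return true.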
Exploit
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Podman-Desktop