Sfowl

Name of the Vulnerable Software and Affected Versions: podman versions prior to 1.4.0 Description: A path traversal issue has been found in the way podman handles symlinks inside containers. This could allow an attacker who has already compromised a container to read or write arbitrary files on the host filesystem when an administrator attempts to copy files to or from the container. Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files on the host filesystem and limiting the use of symlinks inside containers until the update can be applied.