PT-2021-13830 · Podman+5
Riccardo Schirone · Published 2020-03-19 · Updated 2024-08-21 · CVE-2021-20188
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
podman versions prior to 1.7.0
Description:
A flaw was found in podman where file permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. Although it does not allow direct escape from the container, the fact that it is a privileged container means many security features are disabled. The highest threat from this issue is to data confidentiality and integrity as well as system availability.
Recommendations:
For podman versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of privileged containers to minimize the risk of exploitation. Additionally, ensure that access to sensitive files within the container is tightly controlled and monitored.
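A host check for the two recommendations above, added here as an example and not taken from the advisory or the Podman project: it compares the installed version against 1.7.0 and lists containers created with `--privileged`. It assumes `podman --version` prints `podman version X.Y.Z` and that `podman inspect` exposes `.HostConfig.Privileged`; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): host audit for CVE-2021-20188.
# Assumptions: `podman --version` prints "podman version X.Y.Z" and
# `podman inspect` exposes .HostConfig.Privileged.

FIXED_VERSION="1.7.0"        # first fixed release, as stated in the advisory
PODMAN="${PODMAN:-podman}"   # overridable so the logic can be exercised offline

# version_lt A B: succeeds when dotted version A is strictly older than B.
# Only the numeric prefix of each field is compared ("0-dev" counts as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# installed_version: last field of "podman version X.Y.Z".
installed_version() {
    "$PODMAN" --version | awk '{ print $NF }'
}

# privileged_containers: IDs of all containers (running or stopped)
# that were created with --privileged, one per line.
privileged_containers() {
    for id in $("$PODMAN" ps -a -q); do
        if [ "$("$PODMAN" inspect --format '{{.HostConfig.Privileged}}' "$id")" = "true" ]; then
            echo "$id"
        fi
    done
}

# audit: prints findings; returns 1 only when an affected podman is
# installed AND at least one privileged container exists.
audit() {
    ver=$(installed_version)
    priv=$(privileged_containers)
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "podman $ver is older than $FIXED_VERSION: affected"
        [ -z "$priv" ] || { echo "privileged containers:" $priv; return 1; }
    else
        echo "podman $ver is not affected"
    fi
    [ -z "$priv" ] || echo "privileged containers to review:" $priv
}
```

Source the file and run `audit`; a non-zero status means an affected podman with at least one privileged container on the host.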
Fix
Incorrect Authorization
Affected Products
ALT Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
Podman