PT-2023-3545 · Podman+7

Avinash Hanwate · Published 2021-07-15 · Updated 2025-08-28 · CVE-2023-0778

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

podman (affected versions not specified)

Description

A time-of-check to time-of-use (TOCTOU) flaw was found in podman, which may allow a malicious user to replace a normal file in a volume with a symlink while the volume is being exported. This could allow access to arbitrary files on the host file system. The issue is a race condition on a shared resource, potentially enabling a remote attacker to access arbitrary files on the host file system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Time Of Check To Time Of Use

Origin Validation Error

Information Disclosure

Improper Privilege Management

Improper Preservation of Permissions

Type Confusion

Link Following

Incorrect Default Permissions

Related Identifiers

ALSA-2023:2758
ALSA-2023:2802
ALT-PU-2023-1353
ALT-PU-2023-1488
ALT-PU-2025-10794
AZL-39612
AZL-43612
AZL-45381
BDU:2023-03675
BDU:2023-03676
BDU:2023-03685
BDU:2023-03753
BDU:2023-03760
CESA-2023_2758
CESA-2023_2802
CVE-2023-0778
GHSA-QWQV-RQGF-8QH8
GO-2023-1681
OESA-2025-1073
OESA-2025-1074
OPENSUSE-SU-2024:12771-1
RHSA-2023:1325
RHSA-2023:2758
RHSA-2023:2802
RHSA-2023_2758
RHSA-2023_2802
SUSE-SU-2023:1812-1
SUSE-SU-2023:1814-1
SUSE-SU-2023_1812-1
SUSE-SU-2023_1814-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
RED OS
Rocky Linux
SUSE
Podman