Nixpkgs security tracker

Login with GitHub

Suggestions search

With package: nomad-driver-podman

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-55686
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 5 days, 1 hour ago Activity log
  • Created suggestion
Podman: WORKDIR symlink traversal vulnerability

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1.

Affected products

podman
  • ==>= 3.0.0, < 5.7.1

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

pkgs.cockpit-podman

Cockpit UI for podman containers

  • nixos-unstable 127
    • nixpkgs-unstable 127
    • nixos-unstable-small 127
  • nixos-26.05 125
    • nixos-26.05-small 125
    • nixpkgs-26.05-darwin 125

Package maintainers

Untriaged
Permalink CVE-2025-11065
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 5 months ago Activity log
  • Created suggestion
Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

Affected products

podman
toolbox
openshift
microshift
gvisor-tap-vsock
rhtas/cosign-rhel9
rhtas/fulcio-rhel9
devspaces/udi-rhel9
rhtas/gitsign-rhel9
rhtas/rekor-cli-rhel9
devspaces/traefik-rhel9
opentelemetry-collector
devspaces/udi-base-rhel9
rhacm2/acm-grafana-rhel9
rhoai/odh-rhel9-operator
rhtas/rekor-server-rhel9
openshift-pipelines-client
openshift4/ose-helm-operator
redhat-certification-preflight
rhoai/odh-model-registry-rhel9
openshift-gitops-1/argocd-rhel8
openshift-gitops-1/argocd-rhel9
rhtas/timestamp-authority-rhel9
rhacm2/submariner-rhel9-operator
rhtas/rekor-backfill-redis-rhel9
openshift4/ose-helm-rhel9-operator
github.com/go-viper/mapstructure/v2
  • <2.4.0
rhosdt/opentelemetry-collector-rhel8
rhtap-task-runner/rhtap-task-runner-rhel9
advanced-cluster-security/rhacs-main-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-rhel8-operator
advanced-cluster-security/rhacs-central-db-rhel8
advanced-cluster-security/rhacs-scanner-v4-rhel8
advanced-cluster-security/rhacs-scanner-v4-db-rhel8
zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9
zero-trust-workload-identity-manager/spiffe-spire-server-rhel9
zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9
zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

pkgs.lttoolbox

Finite state compiler, processor and helper tools used by apertium

pkgs.openshift

Build, deploy, and manage your applications with Docker and Kubernetes

pkgs.devtoolbox

Development tools at your fingertips

pkgs.podman-compose

Implementation of docker-compose with podman backend

Package maintainers