Nixpkgs security tracker


Suggestions search

With package: podman

Found 2 matching suggestions

CVE-2026-57231
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 4 days, 17 hours ago by @LeSuisse

Activity log
  • Created suggestion
  • @LeSuisse ignored
    9 packages
    • podman-tui
    • podman-bootc
    • cockpit-podman
    • podman-compose
    • podman-desktop
    • nomad-driver-podman
    • python312Packages.podman
    • python313Packages.podman
    • python314Packages.podman
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk (*) will cause podman to pass all host variables into the container. So essentially a malicious image can exfiltrate all podman environment variables that are set in the session from where the container is launched. This vulnerability is fixed in 5.8.4 and 6.0.0.

Affected products

podman
  • >= 1.8.1, < 5.8.4

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

Ignored packages (9)

pkgs.cockpit-podman

Cockpit UI for podman containers

  • nixos-unstable 127
    • nixpkgs-unstable 127
    • nixos-unstable-small 127
  • nixos-26.05 125
    • nixos-26.05-small 125
    • nixpkgs-26.05-darwin 125

Package maintainers

CVE-2025-4953
7.4 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 4 months ago by @LeSuisse

Activity log
  • Created suggestion
  • @LeSuisse ignored
    7 packages
    • podman-tui
    • podman-bootc
    • podman-compose
    • podman-desktop
    • nomad-driver-podman
    • python312Packages.podman
    • python313Packages.podman
  • @LeSuisse accepted
  • @LeSuisse deleted
    2 maintainers
    • @saschagrunert
    • @vdemeester
  • @LeSuisse published on GitHub
Podman: build context bind mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.

Affected products

runc
  • *
cri-o
  • *
rhcos
  • *
conmon
  • *
kernel
  • *
podman
  • *
skopeo
  • *
buildah
  • *
haproxy
  • *
ignition
  • *
cri-tools
  • *
kernel-rt
  • *
openshift
  • *
openshift-kuryr
  • *
openshift-ansible
  • *
openshift-clients
  • *
openshift4-aws-iso
  • *
container-tools:rhel8
  • *
containernetworking-plugins
  • *
container-tools:rhel8/podman

Matching in nixpkgs

pkgs.podman

Program for managing pods, containers and container images

  • nixos-unstable -
Ignored packages (7)

pkgs.podman-tui

Podman Terminal UI

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

pkgs.podman-compose

Implementation of docker-compose with podman backend

  • nixos-unstable -

pkgs.podman-desktop

Graphical tool for developing on containers and Kubernetes

  • nixos-unstable -

Package maintainers

Ignored maintainers (2)
RH/Debian discussion: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117966#22