It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

Affected Packages

Go github.com/containers/podman

Affected versions: 0 (fixed in 0.6.1)

Related CVEs

CVE-2018-10856

Key Information

GHSA ID

GHSA-wp7w-vx86-vj9h

Published

May 13, 2022 1:34 AM

Last Modified

September 16, 2024 3:00 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/containers/podman

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.