Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Podman Desktop Extension System Vulnerable to Authentication Bypass
Vulnerability Description
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized access to all authentication sessions. The `isAccessAllowed()` function unconditionally returns `true`, enabling malicious extensions to impersonate any user, hijack authentication sessions, and access sensitive resources without authorization. This vulnerability affects all versions of Podman Desktop. Version 1.25.1 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
Podman Desktop 授权问题漏洞
Vulnerability Description
Podman Desktop是podman-desktop开源的一个容器管理工具。 Podman Desktop 1.25.1之前版本存在授权问题漏洞,该漏洞源于isAccessAllowed函数无条件返回true,可能导致身份验证绕过和会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A