CNNVD-202601-4645 Information

CNNVD ID

CNNVD-202601-4645

Related CVE

CVE-2026-24835

• CNNVD Published: 2026-01-28

Description (Chinese)

Podman Desktop是podman-desktop开源的一个容器管理工具。 Podman Desktop 1.25.1之前版本存在授权问题漏洞，该漏洞源于isAccessAllowed函数无条件返回true，可能导致身份验证绕过和会话劫持。

Description (English)

Podman Desktop is a container management tool for popman-desktop open sources. The previous version of Podman Desktop 1.25.1 had a mandate gap, which stemmed from the unconditional return of the IsAccessAllowed function to True, which could lead to the identification being bypassed and session hijacking.

Hazard Level

Low

Vulnerability Type

授权问题

Affected Vendor

podman-desktop

Published

2026-01-28

Last Modified

2026-02-24

References

https://drive.google.com/file/d/1ib4RG34mGHDlXeyib8L2j9L5rEDxuDM5/view?usp=sharing https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-v3fx-qg34-6g9m

Patch

https://github.com/podman-desktop/podman-desktop/releases