A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
Credits
This issue was discovered by Paul Holzinger (Red Hat Inc.).