Lucene search

GitHub Advisory DatabaseGHSA-4CRW-W8PW-2HMF

HistoryDec 08, 2022 - 6:30 p.m.

Buildah (as part of Podman) vulnerable to Link Following

2022-12-0818:30:50

CWE-59

GitHub Advisory Database

github.com

buildah

symlink

security

vulnerability

information disclosure

podman

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

26.4%

JSON

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

Affected configurations

Vulners

Node

containerspodmanRange<4.5.0

VendorProductVersionCPE
containerspodman*cpe:2.3:a:containers:podman:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
containers	podman	*	cpe:2.3:a:containers:podman::::::::

References

bugzilla.redhat.com/show_bug.cgi?id=2144983

github.com/advisories/GHSA-4crw-w8pw-2hmf

github.com/containers/podman/commit/c8eeab21cf0a4f670be0cd399dd06fd5d4e06dfe

github.com/containers/podman/pull/16315

nvd.nist.gov/vuln/detail/CVE-2022-4122

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

26.4%

JSON

Related for GHSA-4CRW-W8PW-2HMF