Lucene search
GoogleOSV:CVE-2021-3602HistoryMar 03, 2022 - 7:15 p.m.
CVE-2021-3602
2022-03-0319:15:08
Google
osv.dev
7
buildah
container
environment variables
information disclosure
security vulnerability
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Related
nessus
nessus
Rocky Linux 8 : container-tools:2.0 (RLSA-2021:4221)
2023-11-07 00:00:00
AlmaLinux 8 : container-tools:3.0 (ALSA-2021:4222)
2022-03-11 00:00:00
RHEL 8 : container-tools:2.0 (RHSA-2021:4221)
2021-11-11 00:00:00
osv
osv
Environment variable leakage in github.com/containers/buildah
2022-07-15 23:30:21
Moderate: container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
Moderate: container-tools:2.0 security update
2021-11-09 08:45:58
oraclelinux
oraclelinux
container-tools:3.0 security and bug fix update
2021-11-16 00:00:00
container-tools:2.0 security update
2021-11-16 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2021-11-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 3.2.3-alt1
2021-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: podman-3.2.3-1.fc33
2021-07-24 01:08:27
[SECURITY] Fedora 33 Update: containers-common-1-20.fc33
2021-07-24 01:08:27
[SECURITY] Fedora 33 Update: buildah-1.21.4-4.fc33
2021-08-02 01:06:50
openvas
openvas
Fedora: Security Advisory for containers-common (FEDORA-2021-0c53d8738d)
2021-07-27 00:00:00
Fedora: Security Advisory for buildah (FEDORA-2021-112557d2c5)
2021-08-02 00:00:00
Fedora: Security Advisory for skopeo (FEDORA-2021-0c53d8738d)
2021-07-27 00:00:00
debiancve
debiancve
CVE-2021-3602
2022-03-03 19:15:08
cvelist
cvelist
CVE-2021-3602
2022-03-03 18:26:21
cve
cve
CVE-2021-3602
2022-03-03 19:15:08
github
github
veracode
veracode
Information Disclosure
2021-07-17 10:40:30
almalinux
almalinux
Moderate: container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
Moderate: container-tools:2.0 security update
2021-11-09 08:45:58
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-11-09 08:24:51
prion
prion
Information disclosure
2022-03-03 19:15:00
redhatcve
redhatcve
CVE-2021-3602
2021-07-15 22:00:01
rocky
rocky
container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
container-tools:2.0 security update
2021-11-09 08:45:58
container-tools:rhel8 security, bug fix, and enhancement update
2021-11-09 08:24:51
redhat
redhat
(RHSA-2021:4221) Moderate: container-tools:2.0 security update
2021-11-09 08:45:58
(RHSA-2021:4222) Moderate: container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
nvd
nvd
CVE-2021-3602
2022-03-03 19:15:08
ubuntucve
ubuntucve
CVE-2021-3602
2022-03-03 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2
2024-04-30 01:31:53
alpinelinux
alpinelinux
CVE-2021-3602
2022-03-03 19:15:08
suse
suse
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45