Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-3602

Опубликовано: 03 мар. 2022
Источник: debian

Описание

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-github-containers-buildahfixed1.22.3+ds1-1package
golang-github-containers-buildahno-dsabullseyepackage

Примечания

  • https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj

  • https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main)

  • https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21)

  • https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19)

Связанные уязвимости

ubuntu логотип

CVE-2021-3602

CVSS3: 5.5
ubuntu
почти 4 года назад

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

redhat логотип

CVE-2021-3602

CVSS3: 5.6
redhat
больше 4 лет назад

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

nvd логотип

CVE-2021-3602

CVSS3: 5.5
nvd
почти 4 года назад

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

msrc логотип

CVE-2021-3602

CVSS3: 5.5
msrc
почти 2 года назад

Описание отсутствует

rocky логотип

RLSA-2021:4222

rocky
около 4 лет назад

Moderate: container-tools:3.0 security and bug fix update