Описание
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
A vulnerability was found in buildah and podman. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Отчет
These bugs come about when "podman --remote build ..." is run, thus affecting buildah, but the bug itself needs to be fixed in podman, and ported to Buildah.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | buildah | Out of support scope | ||
| Red Hat Enterprise Linux 7 | podman | Out of support scope | ||
| Red Hat Enterprise Linux 8 | container-tools:3.0/podman | Affected | ||
| Red Hat Enterprise Linux 8 | container-tools:4.0/podman | Will not fix | ||
| Red Hat Enterprise Linux 8 | container-tools:rhel8/podman | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | podman | Under investigation | ||
| Red Hat OpenShift Container Platform 4 | buildah | Affected | ||
| Red Hat OpenShift Container Platform 4 | podman | Under investigation | ||
| Red Hat Enterprise Linux 8.8 Extended Update Support | container-tools | Fixed | RHSA-2024:2077 | 29.04.2024 |
| Red Hat Enterprise Linux 9 | podman | Fixed | RHSA-2024:9102 | 12.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
A vulnerability was found in buildah. Incorrect following of symlinks ...
Buildah (as part of Podman) vulnerable to Link Following
EPSS
5.9 Medium
CVSS3