Описание
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
Отчет
These bugs come about when "podman --remote build -t test1 -f /tmp/Dockerfile> emptydir" is run, thus affecting buildah, but the bug itself needs to be fixed in podman, and ported to Buildah.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | buildah | Out of support scope | ||
| Red Hat Enterprise Linux 7 | podman | Out of support scope | ||
| Red Hat Enterprise Linux 8 | container-tools:3.0/podman | Not affected | ||
| Red Hat Enterprise Linux 8 | container-tools:4.0/podman | Fix deferred | ||
| Red Hat Enterprise Linux 8 | container-tools:rhel8/podman | Fix deferred | ||
| Red Hat Enterprise Linux 9 | podman | Fix deferred | ||
| Red Hat OpenShift Container Platform 3.11 | podman | Under investigation | ||
| Red Hat OpenShift Container Platform 4 | buildah | Affected | ||
| Red Hat OpenShift Container Platform 4 | podman | Under investigation |
Показывать по
Дополнительная информация
EPSS
3.1 Low
CVSS3
Связанные уязвимости
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
A flaw was found in Buildah. The local path and the lowest subdirector ...
Buildah (as part of Podman) vulnerable to Path Traversal
EPSS
3.1 Low
CVSS3