CVE-2020-14370

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14370

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14370.json

Aliases

GHSA-c3wv-qmjj-45r6

Related

Published

2020-09-23T13:15:15Z

Modified

2024-05-14T07:37:28.496887Z

Summary

[none]

Details

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

References

Affected packages

Git / github.com/containers/podman

Affected ranges

Type: GIT
Repo: https://github.com/containers/podman
Events: Introduced

0The exact introduced commit is unknown

Fixed

776abc52106ec7652ced6dbc0869020123ed393d

Affected versions

v0.*

v0.10.1

v0.10.1.1

v0.10.1.2

v0.10.1.3

v0.11.1

v0.11.1.1

v0.12.1

v0.12.1.1

v0.12.1.2

v0.2

v0.2.1

v0.2.2

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.1

v0.8.2

v0.8.2.1

v0.8.3

v0.8.4

v0.8.5

v0.9.1

v0.9.1.1

v0.9.2

v0.9.2.1

v0.9.3

v0.9.3.1

v1.*

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.5.0

v1.5.1

v1.6.0

v1.6.0-rc1

v1.6.0-rc2

v1.6.1

v1.6.1-rc1

v1.6.2

v1.6.2-rc1

v1.7.0

v1.7.0-rc1

v1.7.0-rc2

v1.8.0

v1.8.0-rc1

v1.8.1

v1.8.1-rc1

v1.8.1-rc2

v1.8.1-rc3

v1.8.1-rc4

v1.8.2

v1.8.2-rc1

v1.9.0

v1.9.0-rc1

v1.9.0-rc2

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.0-rc6

v2.0.0-rc7

v2.0.1

v2.0.2

v2.0.3

v2.0.4