CVE-2020-14370
- Source
- https://cve.org/CVERecord?id=CVE-2020-14370
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14370.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-14370
- Aliases
- Downstream
- Related
- Published
- 2020-09-23T13:15:15.563Z
- Modified
- 2026-04-10T04:22:35.177157Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP/
- https://bugzilla.redhat.com/show_bug.cgi?id=1874268
Affected packages
Git / github.com/containers/podman
Affected ranges
- Type
- GIT
- Repo
- https://github.com/containers/podman
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.0.5" }, { "introduced": "0" }, { "last_affected": "4.6" } ] }
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14370.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
}
]