DEBIAN-CVE-2020-14370

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-14370

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-14370.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2020-14370

Upstream

CVE-2020-14370

Published

2020-09-23T13:15:15Z

Modified

2025-09-30T03:54:19Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

References

https://security-tracker.debian.org/tracker/CVE-2020-14370

Affected packages

Debian:11 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.6+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libpod

Package

Name: libpod
Purl: pkg:deb/debian/libpod?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.6+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}