GHSA-c3wv-qmjj-45r6

Suggest an improvement
Source
https://github.com/advisories/GHSA-c3wv-qmjj-45r6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-c3wv-qmjj-45r6/GHSA-c3wv-qmjj-45r6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-c3wv-qmjj-45r6
Aliases
Published
2024-04-24T21:42:22Z
Modified
2024-06-04T16:56:43.819001Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Information disclosure in podman
Details

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Database specific
{
    "nvd_published_at": "2020-09-23T13:15:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-212"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T21:42:22Z"
}
References

Affected packages

Go / github.com/containers/podman/v2

Package

Name
github.com/containers/podman/v2
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/podman/v2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.5