Description
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-212CWE-212
Metadata
- Primary Vendor
- PODMAN_PROJECT
- Published
- 9/23/2020
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
podman_project : podmanredhat : openshift_container_platformredhat : enterprise_linuxredhat : enterprise_linuxfedoraproject : fedorafedoraproject : fedorafedoraproject : fedora
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.