Lucene search
RedhatCVELIST:CVE-2021-3602HistoryMar 03, 2022 - 6:26 p.m.
CVE-2021-3602
2022-03-0318:26:21
CWE-200
redhat
www.cve.org
6
buildah
container builds
ci/cd
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
CNA Affected
[
{
"product": "buildah",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v1.21.2, v1.20.0, v1.19.8, v1.18.0, v1.17.1, v1.16.7, Fixed in v1.21.3, v1.19.9, v1.17.2, v1.16.8, v1.22.0 and above."
}
]
}
]Related
fedora
fedora
[SECURITY] Fedora 33 Update: containers-common-1-20.fc33
2021-07-24 01:08:27
[SECURITY] Fedora 33 Update: podman-3.2.3-1.fc33
2021-07-24 01:08:27
[SECURITY] Fedora 33 Update: skopeo-1.3.1-1.fc33
2021-07-24 01:08:27
osv
osv
CVE-2021-3602
2022-03-03 19:15:08
Environment variable leakage in github.com/containers/buildah
2022-07-15 23:30:21
Moderate: container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
oraclelinux
oraclelinux
container-tools:3.0 security and bug fix update
2021-11-16 00:00:00
container-tools:2.0 security update
2021-11-16 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2021-11-16 00:00:00
nessus
nessus
Rocky Linux 8 : container-tools:2.0 (RLSA-2021:4221)
2023-11-07 00:00:00
CentOS 8 : container-tools:3.0 (CESA-2021:4222)
2021-11-11 00:00:00
Oracle Linux 8 : container-tools:2.0 (ELSA-2021-4221)
2021-11-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 3.2.3-alt1
2021-07-19 00:00:00
debiancve
debiancve
CVE-2021-3602
2022-03-03 19:15:08
openvas
openvas
Fedora: Security Advisory for containers-common (FEDORA-2021-0c53d8738d)
2021-07-27 00:00:00
Fedora: Security Advisory for crun (FEDORA-2021-0c53d8738d)
2021-07-27 00:00:00
Fedora: Security Advisory for buildah (FEDORA-2021-440e34200c)
2021-08-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2
2024-04-30 01:31:53
rocky
rocky
container-tools:2.0 security update
2021-11-09 08:45:58
container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
container-tools:rhel8 security, bug fix, and enhancement update
2021-11-09 08:24:51
alpinelinux
alpinelinux
CVE-2021-3602
2022-03-03 19:15:08
almalinux
almalinux
Moderate: container-tools:2.0 security update
2021-11-09 08:45:58
Moderate: container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-11-09 08:24:51
redhat
redhat
(RHSA-2021:4222) Moderate: container-tools:3.0 security and bug fix update
2021-11-09 08:46:34
(RHSA-2021:4221) Moderate: container-tools:2.0 security update
2021-11-09 08:45:58
veracode
veracode
Information Disclosure
2021-07-17 10:40:30
github
github
cve
cve
CVE-2021-3602
2022-03-03 19:15:08
ubuntucve
ubuntucve
CVE-2021-3602
2022-03-03 00:00:00
redhatcve
redhatcve
CVE-2021-3602
2021-07-15 22:00:01
nvd
nvd
CVE-2021-3602
2022-03-03 19:15:08
prion
prion
Information disclosure
2022-03-03 19:15:00
suse
suse
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45