Lucene search

GitHub Advisory DatabaseGHSA-RPRG-4V7Q-87V7

HistoryDec 08, 2022 - 6:30 p.m.

Buildah (as part of Podman) vulnerable to Path Traversal

2022-12-0818:30:50

CWE-23

GitHub Advisory Database

github.com

buildah

podman

path traversal

confidentiality

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

10.6%

JSON

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

Affected configurations

Vulners

Node

podman_projectpodmanRange≤4.4.1

CPENameOperatorVersion
github.com/containers/podman/v4le4.4.1

CPE	Name	Operator	Version
	github.com/containers/podman/v4	le	4.4.1

References

bugzilla.redhat.com/show_bug.cgi?id=2144989

github.com/advisories/GHSA-rprg-4v7q-87v7

github.com/containers/podman/commit/7934b77dd5372c22063686a218b8b48c2fcaca8c

github.com/containers/podman/issues/13293

github.com/containers/podman/pull/13531

nvd.nist.gov/vuln/detail/CVE-2022-4123

pkg.go.dev/vuln/GO-2022-1159

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for GHSA-RPRG-4V7Q-87V7