Information Disclosure

2022-09-0521:42:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.3%

JSON

podman is vulnerable to information disclosure. The vulnerability exists due to an incorrect version of podman missing for the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056 allowing an attacker to gain access to sensitive information stored in environment variables.

CPENameOperatorVersion
podmaneq0.6.1__3.git3e0ff12.el7
podmaneq1.6.4__27.el7_9
podmaneq0.9.2__5.git37a2afe.el7_5
podmaneq1.6.4__29.el7_9
podmaneq0.12.1.2__2.git9551f6b.el7.centos
podmaneq1.6.4__18.el7_8
podmaneq0.11.1.1__3.git594495d.el7.centos
podmaneq1.4.4__2.el7.centos
podmaneq1.6.4__22.el7_9
podmaneq1.2__2.git3bd528e.el7

Name	Operator	Version
podman	eq	0.6.1__3.git3e0ff12.el7
podman	eq	1.6.4__27.el7_9
podman	eq	0.9.2__5.git37a2afe.el7_5
podman	eq	1.6.4__29.el7_9
podman	eq	0.12.1.2__2.git9551f6b.el7.centos
podman	eq	1.6.4__18.el7_8
podman	eq	0.11.1.1__3.git594495d.el7.centos
podman	eq	1.4.4__2.el7.centos
podman	eq	1.6.4__22.el7_9
podman	eq	1.2__2.git3bd528e.el7