VDB

CVE-2020-14370

CVE-2020-14370 PUBLISHED CVSS 4 MEDIUM

Reported by redhat · Published September 23, 2020

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Risk Scores

CVSS 2.0
4

Affected Products

VendorProductVersions
n/apodmanpodman versions before 2.0.5
n/apodmanpodman versions before 2.0.5, podman versions before 2.0.5, podman versions before 2.0.5
github.comcontainers/podman/v20, 0, 0
github.comcontainers/podman0, 0, 0
alpinepodman0, 0, 0

Timeline

  • Sep 23, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›