VDB
CVE-2020-14370
CVE-2020-14370
PUBLISHED
CVSS 4 MEDIUM
Reported by redhat · Published September 23, 2020
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
Risk Scores
CVSS 2.0
4
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | podman | podman versions before 2.0.5 |
| n/a | podman | podman versions before 2.0.5, podman versions before 2.0.5, podman versions before 2.0.5 |
| github.com | containers/podman/v2 | 0, 0, 0 |
| github.com | containers/podman | 0, 0, 0 |
| alpine | podman | 0, 0, 0 |
Timeline
- Sep 23, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- FEDORA-2020-76fcd0ba34 vendor-advisory
- FEDORA-2020-7b6058fec9 vendor-advisory
- FEDORA-2020-3a4b8fca5e vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-14370 advisory
- https://github.com/advisories/GHSA-c3wv-qmjj-45r6 advisory
- https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074 patch
- https://github.com/containers/podman url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV url