CVE-2022-4122
MEDIUM 5.3
EPSS 0.20%
Buildah (as part of Podman) vulnerable to Link Following in github.com/containers/podman
Published: 12/8/2022
Modified: 4/28/2026
Description
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Affected packages (6)
- Debian/golang-github-containers-buildah from 0
- Go/github.com/containers/podman from 0
- Go/github.com/containers/podman/v2 from 0
- Go/github.com/containers/podman/v3 from 0
- Go/github.com/containers/podman/v4 from 0, < 4.5.0
- Go/github.com/containers/podman/v4 from 0, < 4.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (6)
- ADVISORY https://github.com/advisories/GHSA-4crw-w8pw-2hmf
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-4122
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2022-4122
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2144983
- WEB https://github.com/containers/podman/commit/c8eeab21cf0a4f670be0cd399dd06fd5d4e06dfe
- WEB https://github.com/containers/podman/pull/16315