CVE-2022-4122
MEDIUM 5.3 | EPSS 0.20%
Buildah (as part of Podman) vulnerable to Link Following in github.com/containers/podman
Published: 2022/12/8 | Modified: 2026/4/28
Description
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Affected packages (6)
- Debian/golang-github-containers-buildah from 0
- Go/github.com/containers/podman from 0
- Go/github.com/containers/podman/v2 from 0
- Go/github.com/containers/podman/v3 from 0
- Go/github.com/containers/podman/v4 from 0, < 4.5.0
- Go/github.com/containers/podman/v4 from 0, < 4.5.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (6)
- ADVISORY https://github.com/advisories/GHSA-4crw-w8pw-2hmf
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-4122
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2022-4122
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2144983
- WEB https://github.com/containers/podman/commit/c8eeab21cf0a4f670be0cd399dd06fd5d4e06dfe
- WEB https://github.com/containers/podman/pull/16315