First published: Tue Nov 22 2022(Updated: )
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/containers/podman/v4 | >=4.1.0-rc1<=4.4.1 | |
Podman Project Podman | =4.1.0 | |
Podman Project Podman | =4.1.0-rc1 | |
Podman Project Podman | =4.1.0-rc2 | |
Podman Project Podman | =4.1.1 | |
Podman Project Podman | =4.2.0 | |
Podman Project Podman | =4.2.0-rc1 | |
Podman Project Podman | =4.2.0-rc2 | |
Podman Project Podman | =4.2.0-rc3 | |
Podman Project Podman | =4.2.1 | |
Podman Project Podman | =4.3.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-4123 is a vulnerability found in Buildah that could result in the disclosure of the local path and lowest subdirectory, impacting confidentiality.
The severity of CVE-2022-4123 is low, with a severity rating of 3.3.
The affected software includes Podman (versions 4.1.0 to 4.4.1) and Fedora (versions 35 to 37).
To fix CVE-2022-4123, it is recommended to upgrade to a patched version of Podman or Fedora, depending on the affected software.
You can find more information about CVE-2022-4123 in the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-4123), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2144989), [GitHub Issue](https://github.com/containers/podman/issues/13293).