← Volver a CVEs
CVE-2021-3602
MEDIUM5.5
Descripcion
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado3/3/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
buildah_project:buildahredhat:enterprise_linuxredhat:enterprise_linux_for_ibm_z_systemsredhat:enterprise_linux_for_power_little_endian
Debilidades (CWE)
CWE-200CWE-212
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1969264(secalert@redhat.com)
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0(secalert@redhat.com)
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj(secalert@redhat.com)
https://ubuntu.com/security/CVE-2021-3602(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1969264(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj(af854a3a-2127-422b-91ae-364da2661108)
https://ubuntu.com/security/CVE-2021-3602(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.