← Voltar para CVEs
CVE-2021-3602
MEDIUM5.5
Descricao
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Detalhes CVE
Pontuacao CVSS v3.15.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/3/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
buildah_project:buildahredhat:enterprise_linuxredhat:enterprise_linux_for_ibm_z_systemsredhat:enterprise_linux_for_power_little_endian
Fraquezas (CWE)
CWE-200CWE-212
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1969264(secalert@redhat.com)
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0(secalert@redhat.com)
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj(secalert@redhat.com)
https://ubuntu.com/security/CVE-2021-3602(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1969264(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj(af854a3a-2127-422b-91ae-364da2661108)
https://ubuntu.com/security/CVE-2021-3602(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.