Medium severity 5.5 · NVD Advisory · Published Mar 3, 2022 · Updated Jun 17, 2026
CVE-2021-3602
Description
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/containers/buildah (Go) | < 1.16.8 | 1.16.8 |
| github.com/containers/buildah (Go) | >= 1.17.0, < 1.17.2 | 1.17.2 |
| github.com/containers/buildah (Go) | >= 1.18.0, < 1.19.9 | 1.19.9 |
| github.com/containers/buildah (Go) | >= 1.20.0, < 1.21.3 | 1.21.3 |
Affected products
- Range: Affects v1.21.2, v1.20.0, v1.19.8, v1.18.0, v1.17.1, v1.16.7. Fixed in v1.21.3, v1.19.9, v1.17.2, v1.16.8, v1.22.0 and above.
References
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (nvd: Patch, Third Party Advisory; WEB)
- ubuntu.com/security/CVE-2021-3602 (nvd: Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-7638-r9r3-rmjj (ghsa; ADVISORY)
- github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj (nvd: Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2021-3602 (ghsa; ADVISORY)
- pkg.go.dev/vuln/GO-2022-0345 (ghsa; WEB)