rpm package
suse/buildah&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1753 | Hig | 8.6 | < 1.25.1-150100.3.23.1 | 1.25.1-150100.3.23.1 | Mar 18, 2024 | A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause t | |
| CVE-2022-2990 | — | < 1.25.1-150100.3.20.15 | 1.25.1-150100.3.20.15 | Sep 13, 2022 | An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissi | ||
| CVE-2022-27651 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Apr 4, 2022 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p | ||
| CVE-2021-20206 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Mar 26, 2021 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew | ||
| CVE-2020-10696 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
- affected < 1.25.1-150100.3.23.1fixed 1.25.1-150100.3.23.1
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause t
- CVE-2022-2990Sep 13, 2022affected < 1.25.1-150100.3.20.15fixed 1.25.1-150100.3.20.15
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissi
- CVE-2022-27651Apr 4, 2022affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p
- CVE-2021-20206Mar 26, 2021affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew
- CVE-2020-10696Mar 31, 2020affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.