rpm package
suse/buildah&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2990 | — | < 1.25.1-150100.3.20.15 | 1.25.1-150100.3.20.15 | Sep 13, 2022 | An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissi | ||
| CVE-2022-27651 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Apr 4, 2022 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p | ||
| CVE-2021-20206 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Mar 26, 2021 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew | ||
| CVE-2020-10696 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
- CVE-2022-2990Sep 13, 2022affected < 1.25.1-150100.3.20.15fixed 1.25.1-150100.3.20.15
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissi
- CVE-2022-27651Apr 4, 2022affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p
- CVE-2021-20206Mar 26, 2021affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew
- CVE-2020-10696Mar 31, 2020affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.