rpm package
suse/buildah&distro=SUSE Manager Proxy 4.1
pkg:rpm/suse/buildah&distro=SUSE%20Manager%20Proxy%204.1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27651 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Apr 4, 2022 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p | ||
| CVE-2021-20206 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Mar 26, 2021 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew | ||
| CVE-2020-10696 | — | < 1.25.1-150100.3.13.12 | 1.25.1-150100.3.13.12 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
- CVE-2022-27651Apr 4, 2022affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p
- CVE-2021-20206Mar 26, 2021affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew
- CVE-2020-10696Mar 31, 2020affected < 1.25.1-150100.3.13.12fixed 1.25.1-150100.3.13.12
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.