CVE-2022-2739

CWE-200 — Information Exposure CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 61.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Podman Project Podman Redhat Enterprise Linux Server Redhat Enterprise Linux Workstation

Timeline

PublishedSep 1

Latest updateSep 2

Description

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5podmanpodman 1.6.4-32.el7_9

▶NVDpodman_project/podman1.6.4-32.el7_9

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_workstation7.0

🔴Vulnerability Details

GHSA

GHSA-cqvr-p82r-76m9: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing th↗2022-09-02

▶

CVEList

CVE-2022-2739: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing th↗2022-09-01

▶

📋Vendor Advisories

Red Hat

podman: Security regression of CVE-2020-14370 due to source code management issue↗2022-08-19

▶