CVE-2022-4123 — Relative Path Traversal in Containers Podman V4

CWE-23 — Relative Path Traversal CWE-22 — Path Traversal CWE-26410 documents8 sources

Severity

3.3LOWNVD

CISA8.8

EPSS

0.0%

top 86.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Containers Podman V4 Podman Project Podman Fedoraproject Fedora

Timeline

PublishedDec 8

Latest updateDec 22

Description

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶Gogithub.com/containers_podman_v44.1.0-rc1 — 4.4.1+1

▶CVEListV5podman_project/podmanPodman 4.3.0

▶NVDpodman_project/podman5 versions+4

Also affects: Fedora 35, 36, 37

🔴Vulnerability Details

OSV

Path traversal in github.com/containers/podman/v4↗2022-12-22

▶

OSV

Buildah (as part of Podman) vulnerable to Path Traversal↗2022-12-08

▶

GHSA

Buildah (as part of Podman) vulnerable to Path Traversal↗2022-12-08

▶

OSV

CVE-2022-4123: A flaw was found in Buildah↗2022-12-08

▶

CVEList

CVE-2022-4123: A flaw was found in Buildah↗2022-12-08

▶

📋Vendor Advisories

Microsoft

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.↗2022-12-13

▶

Red Hat

podman: Path disclosure↗2022-11-22

▶

CISA

Microsoft Internet Explorer Privilege Escalation Vulnerability↗2022-05-25

▶

Debian

CVE-2022-4123: golang-github-containers-buildah - A flaw was found in Buildah. The local path and the lowest subdirectory may be d...↗2022

▶