CVE-2020-14370 – podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API

https://notcve.org/view.php?id=CVE-2020-14370

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. Se encontró una vulnerabilidad de divulgación de información en containers/podman en versiones anteriores a 2.0.5. Cuando se usa la API Varlink obsoleta o la API REST compatible con Docker, si son creados varios contenedores en un período corto, las variables de entorno desde el primer contenedor son filtradas hacia los contenedores posteriores. • https://bugzilla.redhat.com/show_bug.cgi?id=1874268 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV https://access.redhat.com/security/cve/CVE-2020-14370 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •