CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4122 – podman: Symlink error leads to information disclosure
https://notcve.org/view.php?id=CVE-2022-4122
08 Dec 2022 — A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. Se encontró una vulnerabilidad en buildah. El seguimiento incorrecto de enlaces simbólicos al leer .containerignore y .dockerignore da como resultado la divulgación de información. A vulnerability was found in buildah and podman. • https://bugzilla.redhat.com/show_bug.cgi?id=2144983 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2022-4123
https://notcve.org/view.php?id=CVE-2022-4123
08 Dec 2022 — A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=2144989 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •