CVE-2022-4122 – podman: Symlink error leads to information disclosure
https://notcve.org/view.php?id=CVE-2022-4122
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. Se encontró una vulnerabilidad en buildah. El seguimiento incorrecto de enlaces simbólicos al leer .containerignore y .dockerignore da como resultado la divulgación de información. A vulnerability was found in buildah and podman. • https://bugzilla.redhat.com/show_bug.cgi?id=2144983 https://github.com/containers/podman/pull/16315 https://access.redhat.com/security/cve/CVE-2022-4122 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-4123
https://notcve.org/view.php?id=CVE-2022-4123
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=2144989 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •