CVE-2020-14370

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
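
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.3 MEDIUM | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
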
EPSS Score Percentile: 31%

| Vendor | Product | Version |
|---|---|---|
| podman_project | podman | 𝑥 < 2.0.5 |
| redhat | openshift_container_platform | 4.6 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libpod | bullseye | 3.0.1+dfsg1-3+deb11u5 | fixed |
| libpod | bookworm | 4.3.1+ds1-8+deb12u1 | fixed |
| libpod | sid | 5.2.2+ds1-2 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| libpod | focal | dne |
| libpod | bionic | dne |
| libpod | xenial | dne |
| libpod | trusty | dne |