CVE-2021-3602

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
buildah_projectbuildah
𝑥
< 1.16.8
buildah_projectbuildah
1.17.0 ≤
𝑥
< 1.17.2
buildah_projectbuildah
1.19.0 ≤
𝑥
< 1.19.9
buildah_projectbuildah
1.21.0 ≤
𝑥
< 1.21.3
redhatenterprise_linux
8.0
redhatenterprise_linux_for_ibm_z_systems
8.0
redhatenterprise_linux_for_power_little_endian
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-github-containers-buildah
bookworm
1.28.2+ds1-3
fixed
bullseye
no-dsa
sid
1.37.5+ds1-1
fixed
trixie
1.37.5+ds1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-github-containers-buildah
bionic
dne
focal
dne
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
conmon
suse enterprise sap 15 SP3
2.0.30-150300.8.3.1
fixed
suse enterprise server 15 SP3
2.0.30-150300.8.3.1
fixed
libcontainers-common-20210626
suse enterprise desktop 15 SP3
150300.8.3.1
fixed
suse enterprise sap 15 SP3
150300.8.3.1
fixed
suse enterprise server 15 SP3
150300.8.3.1
fixed
libcontainers-common-20240408
suse enterprise desktop 15 SP6
150600.1.1
fixed
suse enterprise desktop 15 SP7
150600.1.1
fixed
suse enterprise sap 15 SP6
150600.1.1
fixed
suse enterprise sap 15 SP7
150600.1.1
fixed
suse enterprise server 15 SP6
150600.1.1
fixed
suse enterprise server 15 SP7
150600.1.1
fixed
libcontainers-default-policy-20240408
suse enterprise desktop 15 SP6
150600.1.1
fixed
suse enterprise desktop 15 SP7
150600.1.1
fixed
suse enterprise sap 15 SP6
150600.1.1
fixed
suse enterprise sap 15 SP7
150600.1.1
fixed
suse enterprise server 15 SP6
150600.1.1
fixed
suse enterprise server 15 SP7
150600.1.1
fixed
libcontainers-sles-mounts-20240408
suse enterprise desktop 15 SP6
150600.1.1
fixed
suse enterprise desktop 15 SP7
150600.1.1
fixed
suse enterprise sap 15 SP6
150600.1.1
fixed
suse enterprise sap 15 SP7
150600.1.1
fixed
suse enterprise server 15 SP6
150600.1.1
fixed
suse enterprise server 15 SP7
150600.1.1
fixed
libseccomp-devel
suse enterprise desktop 15 SP3
2.5.3-150300.10.5.1
fixed
suse enterprise sap 15 SP3
2.5.3-150300.10.5.1
fixed
suse enterprise server 15 SP3
2.5.3-150300.10.5.1
fixed
libseccomp2
suse enterprise desktop 15 SP3
2.5.3-150300.10.5.1
fixed
suse enterprise sap 15 SP3
2.5.3-150300.10.5.1
fixed
suse enterprise server 15 SP3
2.5.3-150300.10.5.1
fixed
podman
suse enterprise sap 15 SP3
3.4.4-150300.9.3.2
fixed
suse enterprise server 15 SP3
3.4.4-150300.9.3.2
fixed
podman-cni-config
suse enterprise sap 15 SP3
3.4.4-150300.9.3.2
fixed
suse enterprise server 15 SP3
3.4.4-150300.9.3.2
fixed
registries-conf-default-20240408
suse enterprise desktop 15 SP6
150600.1.1
fixed
suse enterprise desktop 15 SP7
150600.1.1
fixed
suse enterprise sap 15 SP6
150600.1.1
fixed
suse enterprise sap 15 SP7
150600.1.1
fixed
suse enterprise server 15 SP6
150600.1.1
fixed
suse enterprise server 15 SP7
150600.1.1
fixed
registries-conf-suse-20240408
suse enterprise desktop 15 SP6
150600.1.1
fixed
suse enterprise desktop 15 SP7
150600.1.1
fixed
suse enterprise sap 15 SP6
150600.1.1
fixed
suse enterprise sap 15 SP7
150600.1.1
fixed
suse enterprise server 15 SP6
150600.1.1
fixed
suse enterprise server 15 SP7
150600.1.1
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1969264
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
https://ubuntu.com/security/CVE-2021-3602
https://bugzilla.redhat.com/show_bug.cgi?id=1969264
https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
https://ubuntu.com/security/CVE-2021-3602