CVE-2020-14370 log

Source
Severity High
Remote Yes
Type Information disclosure
Description
A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first containers will get leaked into subsequent containers. An attacker who has control over those subsequent containers may get access to secrets shared with previous containers through environment variables.
Group Package Affected Fixed Severity Status Ticket
AVG-1233 podman 2.0.6-1 2.1.0-1 High Fixed
Date Advisory Group Package Severity Type
26 Sep 2020 ASA-202009-11 AVG-1233 podman High information disclosure
References
https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074