Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-14370 - log back

CVE-2020-14370 edited at 22 Sep 2020 21:03:24

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Information disclosure

Description

+

A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first containers will get leaked into subsequent containers. An attacker who has control over those subsequent containers may get access to secrets shared with previous containers through environment variables.

References

+	https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074

Notes

CVE-2020-14370 created at 22 Sep 2020 21:01:08