Log

ASA-202009-8 created at 22 Sep 2020 21:03:41
AVG-1233 edited at 22 Sep 2020 21:03:24
Severity
- Unknown
+ High
CVE-2020-14370 edited at 22 Sep 2020 21:03:24
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first containers will get leaked into subsequent containers. An attacker who has control over those subsequent containers may get access to secrets shared with previous containers through environment variables.
References
+ https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
Notes
AVG-1233 created at 22 Sep 2020 21:01:08
Packages
+ podman
Issues
+ CVE-2020-14370
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.0.6-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-14370 created at 22 Sep 2020 21:01:08
ASA-202009-7 edited at 17 Sep 2020 21:39:20
ASA-202009-6 edited at 17 Sep 2020 21:39:18
AVG-1188 edited at 16 Sep 2020 00:06:40
Status
- Vulnerable
+ Unknown
AVG-1201 edited at 16 Sep 2020 00:06:40
Status
- Vulnerable
+ Unknown
AVG-1232 edited at 15 Sep 2020 19:39:19
Status
- Testing
+ Fixed
AVG-1210 edited at 15 Sep 2020 19:23:30
Status
- Vulnerable
+ Fixed
Fixed
+ 7.9.1-1
ASA-202009-7 edited at 15 Sep 2020 19:23:02
Impact
+ An attacker can trick the user to run code with a malicious gradle project.