CVE-2020-14370
MEDIUMPodman < 2.0.5 - Information Disclosure via Environment Variable Leak
Title source: llmDescription
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV/
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1874268
Scores
CVSS v3
5.3
EPSS
0.0140
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-212
Status
published
Products (8)
containers/podman
0 - 2.0.5Go
fedoraproject/fedora
31
fedoraproject/fedora
32
fedoraproject/fedora
33
podman_project/podman
< 2.0.5
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/openshift_container_platform
4.6
Published
Sep 23, 2020
Tracked Since
Feb 18, 2026