CVE-2022-2739

Published: Sep 1, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

Affected (3)

Products: Redhat: Enterprise Linux Server, Enterprise Linux Workstation · Podman Project: Podman

2 products

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Podman Project Podman	Version 1.6.4-32.el7_9

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://access.redhat.com/security/cve/CVE-2022-2739

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2116927

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2022-2739

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2116927

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.