CVE-2021-3602

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*
cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*
cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*
cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-03 19:15

Updated : 2024-02-28 19:09


NVD link : CVE-2021-3602

Mitre link : CVE-2021-3602

CVE.ORG link : CVE-2021-3602


JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian

buildah_project

  • buildah
CWE
CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor