Headline
GHSA-4crw-w8pw-2hmf: Buildah (as part of Podman) vulnerable to Link Following
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Buildah (as part of Podman) vulnerable to Link Following
Moderate severity GitHub Reviewed Published Dec 8, 2022 • Updated Dec 8, 2022
Related news
Red Hat Security Advisory 2024-9102-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and information leakage vulnerabilities.
Red Hat Security Advisory 2024-2077-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.