{
  "threat_severity" : "Moderate",
  "public_date" : "2022-11-22T00:00:00Z",
  "bugzilla" : {
    "description" : "podman: Symlink error leads to information disclosure",
    "id" : "2144983",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2144983"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-59",
  "details" : [ "A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.", "A vulnerability was found in buildah and podman. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure." ],
  "statement" : "These bugs are triggered when \"podman --remote build ...\" is run, and thus affect buildah; the bug itself needs to be fixed in podman, and the fix then ported to buildah.",
  "acknowledgement" : "Red Hat would like to thank Erik Sjölund (Upstream) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-04-29T00:00:00Z",
    "advisory" : "RHSA-2024:2077",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.8",
    "package" : "container-tools:rhel8-8080020240422101606.0f77c1b7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9102",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "podman-2:5.2.2-1.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "buildah",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "container-tools:3.0/podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "container-tools:4.0/podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "container-tools:rhel8/podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "fix_state" : "Under investigation",
    "package_name" : "podman",
    "cpe" : "cpe:/a:redhat:openshift:3.11"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "buildah",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Under investigation",
    "package_name" : "podman",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-4122\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4122\nhttps://github.com/containers/podman/pull/16315" ],
  "name" : "CVE-2022-4122",
  "csaw" : false
}