Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3602

EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3602

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Buildah 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Buildah是一款支持构建OCI容器映像的工具。 Buildah存在安全漏洞,该漏洞源于在容器构建中运行的进程(例如Dockerfile RUN命令)可以访问父进程和祖父进程的环境变量。当在CI CD环境中的容器中运行时,环境变量可能包括与容器共享的敏感信息,以便仅由build本身使用(例如容器注册表凭证)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-buildah Affects v1.21.2, v1.20.0, v1.19.8, v1.18.0, v1.17.1, v1.16.7, Fixed in v1.21.3, v1.19.9, v1.17.2, v1.16.8, v1.22.0 and above. -

II. Public POCs for CVE-2021-3602

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-3602

Please Login to view more intelligence information

Same Patch Batch · n/a · 2022-03-03 · 37 CVEs total

CVE-2021-458196.4 MEDIUMWordline HIDCCEMonitorSVC 代码问题漏洞
CVE-2021-3620Red Hat Ansible 安全漏洞
CVE-2022-25138Axelor Open Suite 跨站脚本漏洞
CVE-2022-26127FRRouting FRR 缓冲区错误漏洞
CVE-2022-26128FRRouting FRR 缓冲区错误漏洞
CVE-2022-26129FRRouting FRR 缓冲区错误漏洞
CVE-2022-23898MingSoft Mcms SQL注入漏洞
CVE-2022-23899MingSoft Mcms SQL注入漏洞
CVE-2022-25125MingSoft Mcms SQL注入漏洞
CVE-2022-22700CyberArk Identity 安全特征问题漏洞
CVE-2021-43774Fujifilm DocuCentre 加密问题漏洞
CVE-2021-3609Linux kernel 竞争条件问题漏洞
CVE-2021-3762Clair 路径遍历漏洞
CVE-2021-4002Linux kernel 安全漏洞
CVE-2022-23051PeTeReport 跨站脚本漏洞
CVE-2022-23052PeTeReport 跨站请求伪造漏洞
CVE-2022-25220PeTeReport 跨站脚本漏洞
CVE-2022-22943VMware Tools for Windows 代码问题漏洞
CVE-2021-3640Linux kernel 资源管理错误漏洞
CVE-2022-24573Element-IT HTTP Commander 跨站脚本漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: buildah
Same vendor: n/a
Same weakness: CWE-200

V. Comments for CVE-2021-3602

No comments yet

Leave a comment