Home > Vulnerability Database > CVE-2020-14370

Mend.io Vulnerability Database

CVE-2020-14370

Good to know:

Date: September 22, 2020

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

Language: Go

Severity Score

5.3

Related Resources (13)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-14370

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV

Url: https://github.com/advisories/GHSA-c3wv-qmjj-45r6

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1874268

Url: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074

Url: https://github.com/containers/podman

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV/

Url: https://access.redhat.com/security/cve/CVE-2020-14370

Url: https://www.mend.io/vulnerability-database/CVE-2020-14370

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Improper Removal of Sensitive Information Before Storage or Transfer

CWE-212

Top Fix

Upgrade Version

Upgrade to version v2.0.5

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-14370

Good to know:

Date: September 22, 2020

Language: Go

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?