CVE-2022-4123 — Path traversal in github.com/containers/podman/v4

Description

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

How to fix CVE-2022-4123

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Debian/golang-github-containers-buildah—no fix listed
—no fix listed
—no fix listed

Is CVE-2022-4123 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0
>= 4.1.0-rc1, <= 4.4.1
>= 4.1.0-rc1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-4123
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-4123
PATCHgithub.com/containers/podman
WEBbugzilla.redhat.com/show_bug.cgi?id=2144989
WEB