Relative Path Traversal
CVE-2022-4123
Summary
A flaw was found in Podman. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. The issue affects versions 4.1.0-rc1 through 4.4.0-rc1.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-23 - Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
References
Advisory Timeline
- Published