Skip to main content

Relative Path Traversal

CVE-2022-4123

Severity Low
Score 3.3/10

Summary

A flaw was found in Podman. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. The issue affects versions 4.1.0-rc1 through 4.4.0-rc1.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-23 - Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Advisory Timeline

  • Published