Candidate: CVE-2020-14370
PublicDate: 2020-09-23 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14370
 https://bugzilla.redhat.com/show_bug.cgi?id=1874268
 https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
Description:
 An information disclosure vulnerability was found in containers/podman in
 versions before 2.0.5. When using the deprecated Varlink API or the
 Docker-compatible REST API, if multiple containers are created in a short
 duration, the environment variables from the first container will get
 leaked into subsequent containers. An attacker who has control over the
 subsequent containers could use this flaw to gain access to sensitive
 information stored in such variables.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]


Patches_libpod:
 upstream: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
upstream_libpod: released (2.0.6+dfsg1-1)
precise/esm_libpod: DNE
trusty_libpod: ignored (out of standard support)
trusty/esm_libpod: DNE
xenial_libpod: DNE
bionic_libpod: DNE
focal_libpod: DNE
devel_libpod: not-affected (2.0.6+dfsg1-1ubuntu1)