| id: GO-2022-1159 |
| modules: |
| - module: github.com/containers/podman/v4 |
| versions: |
| - introduced: 4.1.0-rc1 |
| vulnerable_at: 4.3.1 |
| packages: |
| - package: github.com/containers/podman/v4/pkg/bindings/images |
| symbols: |
| - Build |
| - nTar |
| summary: Path traversal in github.com/containers/podman/v4 |
| description: |- |
| The local path and the lowest subdirectory may be disclosed due to incorrect |
| absolute path traversal, resulting in an impact to confidentiality. |
| cves: |
| - CVE-2022-4123 |
| ghsas: |
| - GHSA-rprg-4v7q-87v7 |
| credits: |
| - Sage McTaggart |
| references: |
| - report: https://bugzilla.redhat.com/show_bug.cgi?id=2144989 |
| - web: https://github.com/containers/podman/pull/13531 |
| review_status: REVIEWED |