Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2021-3602: ELSA-2021-4222: container-tools:3.0 security and bug fix update (MODERATE) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Oracle Linux: CVE-2021-3602: ELSA-2021-4222: container-tools:3.0 security and bug fix update (MODERATE) (Multiple Advisories)

Severity

CVSS

(AV:L/AC:H/Au:S/C:C/I:N/A:N)

Published

07/15/2021

Created

11/19/2021

Added

11/17/2021

Modified

07/22/2024

Description

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

Solution(s)

oracle-linux-upgrade-buildah
oracle-linux-upgrade-buildah-tests
oracle-linux-upgrade-cockpit-podman
oracle-linux-upgrade-conmon
oracle-linux-upgrade-containernetworking-plugins
oracle-linux-upgrade-containers-common
oracle-linux-upgrade-container-selinux
oracle-linux-upgrade-crit
oracle-linux-upgrade-criu
oracle-linux-upgrade-criu-devel
oracle-linux-upgrade-criu-libs
oracle-linux-upgrade-crun
oracle-linux-upgrade-fuse-overlayfs
oracle-linux-upgrade-libslirp
oracle-linux-upgrade-libslirp-devel
oracle-linux-upgrade-oci-seccomp-bpf-hook
oracle-linux-upgrade-podman
oracle-linux-upgrade-podman-catatonit
oracle-linux-upgrade-podman-docker
oracle-linux-upgrade-podman-gvproxy
oracle-linux-upgrade-podman-plugins
oracle-linux-upgrade-podman-remote
oracle-linux-upgrade-podman-tests
oracle-linux-upgrade-python3-criu
oracle-linux-upgrade-python3-podman
oracle-linux-upgrade-python-podman-api
oracle-linux-upgrade-runc
oracle-linux-upgrade-skopeo
oracle-linux-upgrade-skopeo-tests
oracle-linux-upgrade-slirp4netns
oracle-linux-upgrade-udica

References

https://attackerkb.com/topics/cve-2021-3602
CVE - 2021-3602
ELSA-2021-4222
ELSA-2021-4154
ELSA-2021-4221

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2021-3602: ELSA-2021-4222: container-tools:3.0 security and bug fix update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2021-3602: ELSA-2021-4222: container-tools:3.0 security and bug fix update (MODERATE) (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.