CVE-2022-2739: Exposure of Sensitive Information to an Unauthorized Actor

September 1, 2022 (updated July 21, 2023)

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.

References

access.redhat.com/security/cve/CVE-2022-2739
bugzilla.redhat.com/show_bug.cgi?id=2116927
nvd.nist.gov/vuln/detail/CVE-2022-2739

Code Behaviors & Features

Detect and mitigate CVE-2022-2739 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →