Vulnerability Details : CVE-2022-4122
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Vulnerability category: Information leak
Products affected by CVE-2022-4122
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:podman_project:podman:4.3.0:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4122
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-4122
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-04-22 |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2022-4122
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Primary)
- secalert@redhat.com (Primary)
References for CVE-2022-4122
-
https://bugzilla.redhat.com/show_bug.cgi?id=2144983
2144983 – (CVE-2022-4122) CVE-2022-4122 Bulidah: Symlink error leads to information disclosureIssue Tracking;Third Party Advisory
-
https://github.com/containers/podman/pull/16315
remote,build: ignore if `.containerignore` or `.dockerignore` is a symlink outside of buildContext by flouthoc · Pull Request #16315 · containers/podman · GitHubPatch;Third Party Advisory
Jump to