This flaw was found in Buildah via podman,. > Type: information disclosure of a local absolute path > > Severity: very low. (A local path is not that sensitive information). > Feel free to just disregard this report if you think this issue has > too low importance. > > Summary: Podman may disclose the absolute path of an empty context dir > when running "podman --remote build -t test1 -f /tmp/Dockerfile > emptydir". The path could be logged in the container image. (The > lowest subdirectory of the absolute path might not be disclosed, see > discussion below) > > The issue was introduced in > https://github.com/containers/podman/pull/13531 > that went into the Podman release v4.1.0-rc1 >
Created buildah tracking bugs for this issue: Affects: fedora-35 [bug 2145054] Affects: fedora-36 [bug 2145055] Affects: fedora-37 [bug 2145056]
Created podman tracking bugs for this issue: Affects: fedora-35 [bug 2148228] Affects: fedora-36 [bug 2148231] Affects: fedora-37 [bug 2148234]