This flaw was found in Buildah via podman,.
> Type: information disclosure of a local absolute path
> Severity: very low. (A local path is not that sensitive information).
> Feel free to just disregard this report if you think this issue has
> too low importance.
> Summary: Podman may disclose the absolute path of an empty context dir
> when running "podman --remote build -t test1 -f /tmp/Dockerfile
> emptydir". The path could be logged in the container image. (The
> lowest subdirectory of the absolute path might not be disclosed, see
> discussion below)
> The issue was introduced in
> that went into the Podman release v4.1.0-rc1
Created buildah tracking bugs for this issue:
Affects: fedora-35 [bug 2145054]
Affects: fedora-36 [bug 2145055]
Affects: fedora-37 [bug 2145056]
Created podman tracking bugs for this issue:
Affects: fedora-35 [bug 2148228]
Affects: fedora-36 [bug 2148231]
Affects: fedora-37 [bug 2148234]