CVE-2022-4123: 
Podman vulnerability analysis and mitigation

A vulnerability was discovered in Buildah (CVE-2022-4123), which was reported on November 22, 2022. The flaw involves incorrect absolute path traversal in Buildah, which could lead to the disclosure of local paths and the lowest subdirectory. This vulnerability affects various versions of Podman and was introduced in Podman release v4.1.0-rc1 (RedHat Bugzilla).

The vulnerability is classified as a path traversal issue (CWE-22 and CWE-23) with a CVSS v3.1 Base Score of 3.3 (LOW), and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The flaw specifically manifests when running Podman with remote build commands, potentially exposing the absolute path of an empty context directory (NVD).

The vulnerability's impact is primarily related to information disclosure, specifically the potential exposure of local absolute paths. The severity is considered low as the disclosed information (local paths) is not highly sensitive (RedHat Bugzilla).

The vulnerability affects multiple versions of Podman, including versions 4.1.0 through 4.3.0, and various Fedora releases (35, 36, and 37). Multiple tracking bugs have been created to address this issue across different platforms (RedHat Bugzilla).