Nalind

#45276 of 53,632
5.5 Total CVSS
Vulnerabilities · 1
PT-2021-21101
5.5
2020-12-08
Buildah · Buildah · CVE-2021-3602
Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 1.21.3

Description: An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds, such as Dockerfile RUN commands, can access environment variables from parent and grandparent processes. In a CI/CD environment, these environment variables may include sensitive information, like container registry credentials, that was shared with the container to be used only by Buildah itself.

Recommendations: For versions prior to 1.21.3, upgrade packages or images to include version 1.21.3 or later. As a temporary workaround, consider invoking `buildah` in a container under `env -i` to have it started with a reinitialized environment, which should prevent the leakage.