vulnerability
Arch Linux: Information disclosure (CVE-2020-14370)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Sep 23, 2020 | Jul 11, 2025 | Mar 25, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Sep 23, 2020
Added
Jul 11, 2025
Modified
Mar 25, 2026
Description
A flaw was discovered in Podman before upstream version 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first containers will get leaked into subsequent containers. An attacker who has control over those subsequent containers may get access to secrets shared with previous containers through environment variables.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-14370
- https://attackerkb.com/topics/CVE-2020-14370
- https://bugzilla.redhat.com/show_bug.cgi?id=1874268
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-1181
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6BPCZX4ASKNONL3MSCK564IVXNYSKLP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y74V7HGQBNLT6XECCSNZNFZIB7G7XSAR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4Y2FSGQWP4AFT5AZ6UBN6RKHVXUBRFV/
- https://security.archlinux.org/ASA-202009-11
- CWE-212
- EUVD-EUVD-2024-1181
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.