Information Exposure Affecting podman-tests package, versions <3:4.2.0-12.rhaos4.12.el9


Severity

Recommended
high

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL9-PODMANTESTS-8349880
  • published7 Nov 2024
  • disclosed4 Sept 2024

Introduced: 4 Sep 2024

CVE-2024-44082  (opens in a new tab)
CWE-200  (opens in a new tab)

How to fix?

Upgrade RHEL:9 podman-tests to version 3:4.2.0-12.rhaos4.12.el9 or higher.
This issue was patched in RHSA-2024:8694.

NVD Description

Note: Versions mentioned in the description apply only to the upstream podman-tests package and not the podman-tests package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.

CVSS Scores

version 3.1