Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-04	CVE-2022-27651	Incorrect Default Permissions vulnerability in multiple products A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. network high complexity buildah-project fedoraproject redhat CWE-276	6.8
2022-03-03	CVE-2021-3602	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An information disclosure flaw was found in Buildah, when building containers using chroot isolation. local low complexity buildah-project redhat CWE-212	5.5
2019-11-25	CVE-2019-10214	Insufficiently Protected Credentials vulnerability in multiple products The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. network high complexity redhat skopeo-project buildah-project libpod-project opensuse CWE-522	5.9