x/vulndb: potential Go vuln in github.com/containers/podman/v3: GHSA-4wjj-jwc9-2x96

[GoVulnBot]

In GitHub Security Advisory GHSA-4wjj-jwc9-2x96, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/containers/podman/v3	3.0.1	< 3.0.1

Cross references:

• Module github.com/containers/podman/v3 appears in issue x/vulndb: potential Go vuln in github.com/containers/podman/v3: GHSA-grh6-q6m2-rh72 #837 NOT_IMPORTABLE
• CVE-2022-2989 appears in issue x/vulndb: potential Go vuln in github.com/containers/podman/v3: CVE-2022-2989, GHSA-4wjj-jwc9-2x96 #1007 EFFECTIVELY_PRIVATE
• GHSA-4wjj-jwc9-2x96 appears in issue x/vulndb: potential Go vuln in github.com/containers/podman/v3: CVE-2022-2989, GHSA-4wjj-jwc9-2x96 #1007 EFFECTIVELY_PRIVATE
• Module github.com/containers/podman/v3 appears in issue x/vulndb: potential Go vuln in github.com/containers/podman/v3: CVE-2022-2989, GHSA-4wjj-jwc9-2x96 #1007 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/containers/podman/v3
    versions:
      - fixed: 3.0.1
    packages:
      - package: github.com/containers/podman/v3
  - module: github.com/containers/podman/v3
    versions:
      - fixed: 4.2.0
    packages:
      - package: github.com/containers/podman/v4
description: An incorrect handling of the supplementary groups in the Podman container
    engine might lead to the sensitive information disclosure or possible data modification
    if an attacker has direct access to the affected container where supplementary
    groups are used to set access permissions and is able to execute a binary code
    in that container.
cves:
  - CVE-2022-2989
ghsas:
  - GHSA-4wjj-jwc9-2x96

[tatianab]

Duplicate of #1007