QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10152

Published: Jul 30, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Vendor	Product	Versions
Podman	podman	affected `fixed in 1.4.0`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152

x_refsource_CONFIRM

https://github.com/containers/libpod/issues/3211

x_refsource_CONFIRM

https://github.com/containers/libpod/pull/3214

x_refsource_CONFIRM

https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140

x_refsource_CONFIRM

openSUSE-SU-2019:2044

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.