CVE-2019-10152
HIGH
libpod < 1.4.0 - Path Traversal and Arbitrary File Write via Symlink Handling
Title source: llm
Description
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
References (5)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152
Third Party Advisory x_refsource_confirm
https://github.com/containers/libpod/issues/3211
Third Party Advisory x_refsource_confirm
https://github.com/containers/libpod/pull/3214
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
Scores
CVSS v3
7.2
EPSS
0.0035
EPSS Percentile
57.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-22
CWE-59
Status
published
Products (3)
containers/podman
0 - 1.4.0
Go
libpod_project/libpod
< 1.4.0
opensuse/leap
15.1
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026