CVE-2020-10696
HIGH
buildah < 1.14.5 - Path Traversal via Malicious Container Image
Title source: llm
Description
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
References (3)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
Exploit, Third Party Advisory x_refsource_misc
https://github.com/containers/buildah/pull/2245
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2020-10696
Scores
CVSS v3
8.8
EPSS
0.0026
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (5)
buildah_project/buildah
< 1.14.5
containers/buildah
0 - 1.14.4 (Go)
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/openshift_container_platform
3.11
Published
Mar 31, 2020
Tracked Since
Feb 18, 2026