Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-18837

Опубликовано: 13 нояб. 2019
Источник: nvd
CVSS3: 8.6
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:crun_project:crun:*:*:*:*:*:*:*:*
Версия до 0.10.5 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00561
Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

ubuntu логотип

CVE-2019-18837

CVSS3: 8.6
ubuntu
около 6 лет назад

An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

debian логотип

CVE-2019-18837

CVSS3: 8.6
debian
около 6 лет назад

An issue was discovered in crun before 0.10.5. With a crafted image, i ...

github логотип

GHSA-992m-xc3g-r7rj

github
больше 3 лет назад

An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

EPSS

Процентиль: 68%
0.00561
Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59