CVE-2020-10696

Опубликовано: 31 мар. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Низкий

Описание

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Ссылки

https://access.redhat.com/security/cve/cve-2020-10696
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/containers/buildah/pull/2245
Exploit
Third Party Advisory
https://access.redhat.com/security/cve/cve-2020-10696
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/containers/buildah/pull/2245
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*

Версия до 1.14.5 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00677

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-10696

CVSS3: 8.8

ubuntu

около 5 лет назад

CVE-2020-10696

CVSS3: 8.8

redhat

около 5 лет назад

CVE-2020-10696

CVSS3: 8.8

debian

около 5 лет назад

A path traversal flaw was found in Buildah in versions before 1.14.5. ...

RLSA-2020:1932

rocky

около 5 лет назад

Important: container-tools:rhel8 security update

RLSA-2020:1931

rocky

около 5 лет назад

Important: container-tools:2.0 security update

EPSS

Процентиль: 71%

0.00677

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-22