Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-18466

Опубликовано: 22 авг. 2019
Источник: redhat
CVSS3: 2.5
EPSS Низкий

Описание

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

It was discovered that podman resolves a symlink in the host context during a copy operation from the container to the host. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Отчет

This issue did not affect the versions of podman as shipped with Red Hat Enterprise Linux 8 as they did not include support for the copy function. This issue did not affect the versions of podman as shipped in OpenShift Container Platform 3.11 and 4.1 as they did not include support for the copy function. The version of podman shipped in OpenShift Container Platform 4.2 was superseded by the version delivered Red Hat Enterprise Linux 8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8container-tools:1.0/podmanNot affected
Red Hat OpenShift Container Platform 3.11podmanNot affected
Red Hat OpenShift Container Platform 4podmanWill not fix
Red Hat Enterprise Linux 7 ExtraspodmanFixedRHSA-2020:122701.04.2020
Red Hat Enterprise Linux 8container-toolsFixedRHSA-2019:426917.12.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1744588podman: resolving symlink in host filesystem leads to unexpected results of copy operation

EPSS

Процентиль: 74%
0.00839
Низкий

2.5 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-18466

CVSS3: 5.5
nvd
больше 5 лет назад

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

debian логотип

CVE-2019-18466

CVSS3: 5.5
debian
больше 5 лет назад

An issue was discovered in Podman in libpod before 1.6.0. It resolves ...

suse-cvrf логотип

openSUSE-SU-2020:0398-1

suse-cvrf
около 5 лет назад

Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman

suse-cvrf логотип

SUSE-SU-2020:0697-1

suse-cvrf
больше 5 лет назад

Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman

github логотип

GHSA-r34v-gqmw-qvgj

CVSS3: 5.5
github
около 3 лет назад

Podman Symlink Vulnerability

EPSS

Процентиль: 74%
0.00839
Низкий

2.5 Low

CVSS3

Уязвимость CVE-2019-18466