Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-10152

Good to know:

icon

Date: July 30, 2019

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Language: Go

Severity Score

Related Resources (10)

https://github.com/containers/libpod/pull/3214
https://access.redhat.com/security/cve/CVE-2019-10152
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
https://github.com/advisories/GHSA-rh5f-2w6r-q7vj
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152
https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140
https://github.com/containers/libpod
https://github.com/containers/libpod/issues/3211
https://nvd.nist.gov/vuln/detail/CVE-2019-10152
https://www.mend.io/vulnerability-database/CVE-2019-10152

Severity Score

Weakness Type (CWE)

Improper Link Resolution Before File Access ('Link Following')

CWE-59

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version github.com/containers/podman - v1.4.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us