PT-2019-11599 · Red Hat+1 · Podman+1

Sfowl

Publicado

2019-07-30

Atualizado

2024-08-20

CVE-2019-10152

CVSS v3.1

7.5

Alta

Vetor

AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: podman versions prior to 1.4.0

Description: A path traversal issue has been found in the way podman handles symlinks inside containers. This could allow an attacker who has already compromised a container to read or write arbitrary files on the host filesystem when an administrator attempts to copy files to or from the container.

Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files on the host filesystem and limiting the use of symlinks inside containers until the update can be applied.

Correção

Path traversal

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22CWE-59

Identificadores relacionados

CVE-2019-10152

GHSA-RH5F-2W6R-Q7VJ

GO-2023-1927

OPENSUSE-SU-2019:2044-1

OPENSUSE-SU-2019_2044-1

OPENSUSE-SU-2024:10931-1

OPENSUSE-SU-2024:11177-1

RHSA-2019:1907

SUSE-SU-2019:2223-1

Produtos afetados

Suse

Podman

PT-2019-11599 · Red Hat+1 · Podman+1

CVE-2019-10152

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32