PT-2019-11599 · Red Hat+1 · Podman+1
Sfowl · Published 2019-07-30 · Updated 2024-08-20 · CVE-2019-10152
CVSS v3.1: 7.5 (High)
Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
podman versions prior to 1.4.0
Description:
A path traversal issue has been found in the way podman handles symlinks inside containers. This could allow an attacker who has already compromised a container to read or write arbitrary files on the host filesystem when an administrator attempts to copy files to or from the container.
Recommendations:
For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files on the host filesystem and limiting the use of symlinks inside containers until the update can be applied.
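The symlink handling named in the description, as an added Go illustration (not podman's code and not the change shipped in 1.4.0): a constructed rootfs holds a symlink `logs` that points at its parent directory, and the copy path `logs/host.txt` is resolved once naively on the host and once with every symlink scoped to the container root. The helper `resolveInRoot`, the `demo` fixture and all file names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveInRoot (hypothetical helper) resolves symlinks as if root were "/", so the result stays under root.
func resolveInRoot(root, unsafePath string) (string, error) {
	cur, todo := "/", strings.Split(unsafePath, "/")
	for links := 0; len(todo) > 0; {
		part := todo[0]
		todo = todo[1:]
		if part == "" || part == "." || part == ".." {
			cur = filepath.Join(cur, part) // lexical step; Join clamps "/.." to "/"
			continue
		}
		next := filepath.Join(cur, part)
		target, err := os.Readlink(filepath.Join(root, next))
		if err != nil {
			cur = next // not a symlink (or not created yet): take it literally
			continue
		}
		if links++; links > 40 {
			return "", fmt.Errorf("too many symlinks in %q", unsafePath)
		}
		if filepath.IsAbs(target) {
			cur = "/" // an absolute target restarts at the container root
		}
		todo = append(strings.Split(target, "/"), todo...)
	}
	return filepath.Join(root, cur), nil
}

// demo builds a constructed rootfs with an escaping "logs" symlink and resolves a copy path both ways.
func demo() (naive, scoped, root string) {
	tmp, _ := os.MkdirTemp("", "cp-demo-")
	tmp, _ = filepath.EvalSymlinks(tmp)
	root = filepath.Join(tmp, "rootfs")
	os.Mkdir(root, 0o755)
	os.WriteFile(filepath.Join(tmp, "host.txt"), []byte("host data"), 0o600)
	os.Symlink("..", filepath.Join(root, "logs"))
	naive, _ = filepath.EvalSymlinks(filepath.Join(root, "logs/host.txt"))
	scoped, _ = resolveInRoot(root, "logs/host.txt")
	return naive, scoped, root
}

func main() { fmt.Println(demo()) }
```

The naive result is the file next to the rootfs, while the scoped result stays at `rootfs/host.txt`. Scoped resolution only holds if the container cannot change the tree between resolution and the actual copy.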
Fix
Path traversal
Link Following
Affected Products
Suse
Podman