CVE-2019-18466

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Podman versions prior to 1.6.0

Description The issue is related to the handling of symbolic links in the libpod library of Podman. It allows an attacker to create a container image with specific symlinks that, when copied to the host filesystem by a victim user, may overwrite existing files with other files from the host. This could potentially lead to unauthorized modifications of the host system.

Recommendations For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the copy operation from the container to the host to minimize the risk of exploitation. Avoid using Podman to copy files from containers to the host filesystem until the issue is resolved.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALSA-2019:4269

BDU:2020-02713

CESA-2019_4269

CVE-2019-18466

GHSA-R34V-GQMW-QVGJ

GO-2023-1942

OPENSUSE-SU-2020:0398-1

OPENSUSE-SU-2020_0398-1

RHSA-2019:4269

RHSA-2019_4269

RHSA-2020:1227

RLSA-2019:4269

SUSE-SU-2020:0697-1

SUSE-SU-2020_0697-1

Affected Products

Almalinux

Centos

Podman

Red Hat

Rocky Linux

Suse

CVE-2019-18466

Weakness Enumeration

Related Identifiers

Affected Products

References · 36