PT-2024-29313 · Alibaba · Aliyuncontainerservice Pouch
Published 2024-09-23 · Updated 2024-09-26 · CVE-2024-41228
CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
AliyunContainerService pouch version 1.3.1
Description
A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch allows attackers to escalate privileges and write arbitrary files.
Recommendations
For AliyunContainerService pouch version 1.3.1, consider disabling the pouch cp function until a patch is available, to prevent privilege escalation and arbitrary file writes.
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Aliyuncontainerservice Pouch