CVE-2019-18466

Published: 28/10/2019 | Updated: 15/01/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

An issue exists in Podman in libpod prior to 1.6.0. During a copy operation from the container to the host, an undesired glob operation causes a symlink to be resolved in the host context. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Vulnerable Product

libpod project libpod

Vendor Advisories

Synopsis: Moderate: podman security, bug fix, and enhancement update

Type/Severity: Security Advisory: Moderate

Topic: An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori ...