Published: 31/03/2020 Updated: 07/11/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

A path traversal flaw was found in Buildah in versions prior to 1.14.5. This flaw allows an malicious user to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
buildah project buildah
redhat enterprise linux 7.0
redhat openshift container platform 3.11
redhat enterprise linux 8.0

Synopsis Low: OpenShift Container Platform 4141 security update Type/Severity Security Advisory: Low Topic Red Hat OpenShift Container Platform release 4141 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as ha ...

Synopsis Important: buildah security and bug fix update Type/Severity Security Advisory: Important Topic An update for buildah is now available for Red Hat Enterprise Linux 7 ExtrasRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...

Synopsis Low: OpenShift Container Platform 4312 podman security update Type/Severity Security Advisory: Low Topic An update for podman is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Sco ...

Synopsis Important: container-tools:20 security update Type/Severity Security Advisory: Important Topic An update for the container-tools:20 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabilit ...

Synopsis Important: podman security update Type/Severity Security Advisory: Important Topic An update for podman is now available for Red Hat Enterprise Linux 7 ExtrasRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base s ...

Synopsis Important: container-tools:10 security and bug fix update Type/Severity Security Advisory: Important Topic An update for the container-tools:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common ...

Synopsis Important: OpenShift Container Platform 4228 security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4228 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this ...

Synopsis Important: container-tools:rhel8 security update Type/Severity Security Advisory: Important Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerab ...

CWE-22 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 https://github.com/containers/buildah/pull/2245 https://access.redhat.com/security/cve/cve-2020-10696 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:1449

CVE-2020-10696

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect