Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-18466
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-28 Oct, 2019 | 13:15
Updated At-15 Jan, 2020 | 14:15

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
CPE Matches
libpod_project
libpod_project
>>libpod>>Versions before 1.6.0(exclusive)
cpe:2.3:a:libpod_project:libpod:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.htmlcve@mitre.org
N/A
https://access.redhat.com/errata/RHSA-2019:4269cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1744588cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7ecve@mitre.org
Patch
https://github.com/containers/libpod/compare/v1.5.1...v1.6.0cve@mitre.org
Patch
https://github.com/containers/libpod/issues/3829cve@mitre.org
Exploit
Third Party Advisory
Change History
0Changes found
Details not found