CVE-2019-10152: Path Traversal in Containers Podman

Severity
7.2 HIGH (NVD)
EPSS
0.4%
top 41.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 30
Latest update: Aug 20

Description

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Exploitability: 0.8 | Impact: 5.8

Affected Packages (4 packages)

CVEListV5: podman/podman, fixed in 1.4.0
NVD: opensuse/leap 15.1

🔴 Vulnerability Details (4)

OSV
Podman Path Traversal Vulnerability leads to arbitrary file read/write in github.com/containers/podman (2024-08-20)
GHSA
Podman Path Traversal Vulnerability leads to arbitrary file read/write (2022-05-24)
OSV
Podman Path Traversal Vulnerability leads to arbitrary file read/write (2022-05-24)
CVEList
CVE-2019-10152: A path traversal vulnerability has been discovered in podman before version 1 (2019-07-30)

📋 Vendor Advisories (2)

Red Hat
podman: Improper symlink resolution allows access to host files when executing `podman cp` on running containers (2019-05-29)
Debian
CVE-2019-10152: libpod - A path traversal vulnerability has been discovered in podman before version 1.4.... (2019)

💬 Community (2)

Bugzilla
CVE-2019-10152 podman: Improper symlink resolution allows access to host files when executing `podman cp` on running containers (2019-05-30)
Bugzilla
CVE-2019-10152 podman: Improper symlink resolution allows access to host files when executing `podman cp` on running containers [fedora-all] (2019-05-30)