CVE-2020-10696
published 2020-03-31CVE-2020-10696: A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| buildah_project | buildah | < 1.14.5 | 1.14.5 |
| debian | golang-github-containers-buildah | < golang-github-containers-buildah 1.11.6-2 (bookworm) | golang-github-containers-buildah 1.11.6-2 (bookworm) |
| github.com | containers_buildah | >= 0 < 1.14.4 | 1.14.4 |
| red_hat | buildah | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH