← back
CVE-2019-10152

CVE-2019-10152

CVSS 7.5 HIGHEPSS 0.5%CWE-22CWE-59
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
30 Jul 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
Podman · podman

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140https://github.com/containers/libpod/issues/3211https://github.com/containers/libpod/pull/3214