CVE-2019-18466
CVSS v3.1
5.5 (Medium)
CVSS v2.0
5.8 (Medium)
EPSS
0.13 % (49th)
Affected Products
1
Advisories
5
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
Weaknesses
- CWE-59
- Improper Link Resolution Before File Access ('Link Following')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2019-10-28 13:15:11
(4 years ago) - Updated Date
-
2020-01-15 14:15:11
(4 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...