CVE-2019-10152

Summary

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Affected Software

VendorProductVersion RangeStatus
Podmanpodmanfixed in 1.4.0affected

Weaknesses

  • CWE-59: CWE-59
  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References