CVE-2019-18466
N/A
N/A
Summary
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1744588
- https://github.com/containers/libpod/issues/3829
- https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e
- https://github.com/containers/libpod/compare/v1.5.1…v1.6.0
- https://access.redhat.com/errata/RHSA-2019:4269
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1744588
- https://github.com/containers/libpod/issues/3829
- https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e
- https://github.com/containers/libpod/compare/v1.5.1…v1.6.0
- https://access.redhat.com/errata/RHSA-2019:4269
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.