What is CVE-2019-10152?

CVE-2019-10152 is a path traversal vulnerability in podman before version 1.4.0.

How does CVE-2019-10152 affect the host filesystem?

An attacker who has compromised an existing container can read/write arbitrary files on the host filesystem when an administrator tries to copy a file from the container.

Which software versions are affected by CVE-2019-10152?

podman before version 1.4.0, Libpod Project Libpod up to version 1.4.0, openSUSE Leap 15.1.

What is the severity of CVE-2019-10152?

CVE-2019-10152 has a severity rating of 7.2 (high).

How can I fix CVE-2019-10152?

Update podman to version 1.4.0 or higher.

Vulnerability/
CVE-2019-10152

high

7.5

CWE

22 59

30/7/2019

24/5/2022

4/8/2024

CVE-2019-10152: Path Traversal

First published: Tue Jul 30 2019(Updated: )

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Libpod Project Libpod	<1.4.0
openSUSE Leap	=15.1

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-10152?
CVE-2019-10152 is a path traversal vulnerability in podman before version 1.4.0.
How does CVE-2019-10152 affect the host filesystem?
An attacker who has compromised an existing container can read/write arbitrary files on the host filesystem when an administrator tries to copy a file from the container.
Which software versions are affected by CVE-2019-10152?
podman before version 1.4.0, Libpod Project Libpod up to version 1.4.0, openSUSE Leap 15.1.
What is the severity of CVE-2019-10152?
CVE-2019-10152 has a severity rating of 7.2 (high).
How can I fix CVE-2019-10152?
Update podman to version 1.4.0 or higher.

collector/github-advisory-latest
alias/GHSA-rh5f-2w6r-q7vj
alias/CVE-2019-10152
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/event
agent/type
agent/description
agent/remedy
agent/first-publish-date
agent/references
agent/severity
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
package-manager/go
vendor/libpod project
canonical/libpod project libpod
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.