CVE-2019-10152: Path Traversal
First published: Tue Jul 30 2019(Updated: )
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libpod Project Libpod | <1.4.0 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10152?
CVE-2019-10152 is a path traversal vulnerability in podman before version 1.4.0.
How does CVE-2019-10152 affect the host filesystem?
An attacker who has compromised an existing container can read/write arbitrary files on the host filesystem when an administrator tries to copy a file from the container.
Which software versions are affected by CVE-2019-10152?
podman before version 1.4.0, Libpod Project Libpod up to version 1.4.0, openSUSE Leap 15.1.
What is the severity of CVE-2019-10152?
CVE-2019-10152 has a severity rating of 7.2 (high).
How can I fix CVE-2019-10152?
Update podman to version 1.4.0 or higher.
- collector/nvd-cve
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/libpod project
- canonical/libpod project libpod
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1