CVE-2019-18466

low-risk
Published 2019-10-28

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Do I need to act?

-
0.84% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Libpod

Affected Vendors

Libpod Project

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html
https://access.redhat.com/errata/RHSA-2019:4269
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1744588
Patch https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e0...
Patch https://github.com/containers/libpod/compare/v1.5.1...v1.6.0
Exploit https://github.com/containers/libpod/issues/3829
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html
https://access.redhat.com/errata/RHSA-2019:4269
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1744588
Patch https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e0...
Patch https://github.com/containers/libpod/compare/v1.5.1...v1.6.0
Exploit https://github.com/containers/libpod/issues/3829
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 3/34 · Minimal
Exposure 5/34 · Minimal