Home

CVE-2019-18466

Description

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.839

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2020:1227) podman security, bug fix, and enhancement update podman-1.6.4-16.el7_8.x86_64.rpmLinux
(RHSA-2020:1227) podman security, bug fix, and enhancement update podman-docker-1.6.4-16.el7_8.noarch.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269) container-tools:rhel8 security and bug fix update oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-debuginfo-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update buildah-tests-debuginfo-1.9.0-5.module+el8.1.0+4240+893c1ab8.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update cockpit-podman-4-1.module+el8.1.0+4081+b29780af.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update container-selinux-2.123.0-2.module+el8.1.0+4900+9d7326b8.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containernetworking-plugins-0.8.1-3.module+el8.1.0+4881+045289ee.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containernetworking-plugins-debuginfo-0.8.1-3.module+el8.1.0+4881+045289ee.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containernetworking-plugins-debugsource-0.8.1-3.module+el8.1.0+4881+045289ee.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update containers-common-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update fuse-overlayfs-debuginfo-0.4.1-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-debuginfo-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-debugsource-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-docker-1.4.2-6.module+el8.1.0+4830+f49150d7.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-manpages-1.4.2-6.module+el8.1.0+4830+f49150d7.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-remote-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-remote-debuginfo-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update podman-tests-1.4.2-6.module+el8.1.0+4830+f49150d7.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update python-podman-api-1.2.0-0.1.gitd0a45fe.module+el8.1.0+4081+b29780af.noarch.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update runc-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update runc-debuginfo-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update runc-debugsource-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-debuginfo-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-debugsource-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update skopeo-tests-0.1.37-6.module+el8.1.0+4876+e678a192.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update slirp4netns-debuginfo-0.3.0-4.module+el8.1.0+4306+1d917805.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805.x86_64.rpmLinux
(RHSA-2019:4269)Important: security and bug fix update toolbox-0.0.4-1.module+el8.1.0+4081+b29780af.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234