#VU20502 Path traversal in Podman - CVE-2019-10152

Cybersecurity Help s.r.o.

Published: 2019-09-02

Vulnerability identifier: #VU20502

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10152

CWE-ID: CWE-22

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Podman
Universal components / Libraries / Libraries used by multiple products

Vendor: Container Projects

Description

The vulnerability allows a local attacker to perform directory traversal attacks.

The vulnerability exists due to the software does not properly resolve symlinks within containers. A local authenticated attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Podman: 0.2 - 1.3.2

External links
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152
https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140
https://github.com/containers/libpod/issues/3211
https://github.com/containers/libpod/pull/3214

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for podman, slirp4netns and libcontainers-common

Red Hat update for podman