Home > Vulnerability Database > CVE-2019-10152

Mend.io Vulnerability Database

CVE-2019-10152

Good to know:

Date: July 30, 2019

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.

Language: Go

Severity Score

7.2

Related Resources (10)

Url: https://github.com/containers/libpod/pull/3214

Url: https://access.redhat.com/security/cve/CVE-2019-10152

Url: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html

Url: https://github.com/advisories/GHSA-rh5f-2w6r-q7vj

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152

Url: https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140

Url: https://github.com/containers/libpod

Url: https://github.com/containers/libpod/issues/3211

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-10152

Url: https://www.mend.io/vulnerability-database/CVE-2019-10152

Severity Score

7.2

Weakness Type (CWE)

Link Following

CWE-59

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v1.4.0

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-10152

Good to know:

Date: July 30, 2019

Language: Go

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?