CVE-2019-18466
PUBLISHED
CVSS 5.8 MEDIUM
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
EPSS 0.84% · 75.1th percentile
Risk Scores
CVSS 2.0
5.8
EPSS Score
0.84%
75.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libpod_project | libpod | 0 |
| n/a | n/a | n/a |
| github.com | containers/podman/v4 | 0 |
Exploit Intelligence
- https://github.com/containers/libpod/issues/3829 (nist-nvd)
- https://bugzilla.redhat.com/show_bug.cgi?id=1744588 (circl)
- https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e (circl)
- https://github.com/containers/libpod/compare/v1.5.1...v1.6.0 (circl)
- RHSA-2019:4269 (circl)
- openSUSE-SU-2020:0398 (circl)
Timeline
- Oct 28, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://github.com/containers/libpod/issues/3829 url
- https://bugzilla.redhat.com/show_bug.cgi?id=1744588 url
- https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e url
- https://github.com/containers/libpod/compare/v1.5.1...v1.6.0 url
- RHSA-2019:4269 vendor-advisory
- openSUSE-SU-2020:0398 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-18466 advisory
- https://github.com/containers/libpod package