What is CVE-2019-10152?

CVE-2019-10152 is a high-severity vulnerability in Libpod_project Libpod, classified under Path Traversal. CVSS score: 7.2/10. Published 2019-07-30.

How severe is CVE-2019-10152?

High severity. CVSS v3 base score is 7.2 out of 10.

Path Traversal in Libpod_project Libpod

CVE-2019-10152

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to b…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.005 (36.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

Libpod_project Libpod
Podman — versions fixed in 1.4.0
Opensuse Leap — versions 15.1

Weakness classification (CWE)

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Release Notes)
secalert@redhat.com (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2019-10152?: CVE-2019-10152 is a high-severity vulnerability in Libpod_project Libpod, classified under Path Traversal. CVSS score: 7.2/10. Published 2019-07-30.
How severe is CVE-2019-10152?: High severity. CVSS v3 base score is 7.2 out of 10.