What is CVE-2020-10696?

CVE-2020-10696 is a high-severity vulnerability in Buildah_project Buildah, classified under Path Traversal. CVSS score: 8.8/10. Published 2020-03-31.

How severe is CVE-2020-10696?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2020-10696 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Buildah_project Buildah

CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere tha…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.026 (83.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Buildah_project Buildah
Red Hat Buildah — versions Fixed in buildah-1.14.5
Redhat Enterprise_linux — versions 7.0, 8.0
Redhat Openshift_container_platform — versions 3.11

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (Exploit, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2020-10696?: CVE-2020-10696 is a high-severity vulnerability in Buildah_project Buildah, classified under Path Traversal. CVSS score: 8.8/10. Published 2020-03-31.
How severe is CVE-2020-10696?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2020-10696 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.