CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 Exploit Issue Tracking Patch Third Party Advisory
https://github.com/containers/buildah/pull/2245 Exploit Third Party Advisory
https://access.redhat.com/security/cve/cve-2020-10696 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:buildah_project:buildah:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2020-03-31 15:15

Updated : 2020-04-01 06:18


NVD link : CVE-2020-10696

Mitre link : CVE-2020-10696


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

buildah_project

  • buildah

redhat

  • enterprise_linux
  • openshift_container_platform