{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-29T00:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/containers/libpod/issues/3829"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0"}, {"name": "RHSA-2019:4269", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4269"}, {"name": "openSUSE-SU-2020:0398", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588"}, {"name": "https://github.com/containers/libpod/issues/3829", "refsource": "MISC", "url": "https://github.com/containers/libpod/issues/3829"}, {"name": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e", "refsource": "MISC", "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e"}, {"name": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0", "refsource": "MISC", "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0"}, {"name": "RHSA-2019:4269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4269"}, {"name": "openSUSE-SU-2020:0398", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:54:14.351Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/containers/libpod/issues/3829"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0"}, {"name": "RHSA-2019:4269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4269"}, {"name": "openSUSE-SU-2020:0398", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18466", "datePublished": "2019-10-28T12:37:00", "dateReserved": "2019-10-28T00:00:00", "dateUpdated": "2024-08-05T01:54:14.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libpod_project:libpod:*:*:*:*:*:*:*:*", "matchCriteriaId": "49E75E62-0DB3-4D8F-A9E9-18450BE6723E", "versionEndExcluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Podman en libpod versiones anteriores a la versi\u00f3n  1.6.0. Resuelve un enlace simb\u00f3lico (symlink) en el contexto del host durante una operaci\u00f3n de copia desde el contenedor hacia el host, porque se produce una operaci\u00f3n glob no deseada. Un atacante podr\u00eda crear una imagen de contenedor que contenga enlaces simb\u00f3licos particulares que, cuando sean copiados por parte de un usuario v\u00edctima hacia el sistema de archivos del host, pueden sobrescribir los archivos existentes con otros del host."}], "id": "CVE-2019-18466", "lastModified": "2024-11-21T04:33:17.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-28T13:15:11.430", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:4269"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/containers/libpod/issues/3829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:4269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/containers/libpod/issues/3829"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1227", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "podman-0:1.6.4-16.el7_8", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2020-04-01T00:00:00Z"}, {"advisory": "RHSA-2019:4269", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8010020191126140055.c294d161", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-12-17T00:00:00Z"}], "bugzilla": {"description": "podman: resolving symlink in host filesystem leads to unexpected results of copy operation", "id": "1744588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744588"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-59", "details": ["An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.", "It was discovered that podman resolves a symlink in the host context during a copy operation from the container to the host. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host."], "name": "CVE-2019-18466", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:1.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-18466\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18466"], "statement": "This issue did not affect the versions of podman as shipped with Red Hat Enterprise Linux 8 as they did not include support for the copy function.\nThis issue did not affect the versions of podman as shipped in OpenShift Container Platform 3.11 and 4.1 as they did not include support for the copy function.\nThe version of podman shipped in OpenShift Container Platform 4.2 was superseded by the version delivered Red Hat Enterprise Linux 8.", "threat_severity": "Moderate"}