CVE-2019-18466

Severity CVSS v4.0: Pending analysis
Type: CWE-59 Link Following
Publication date: 28/10/2019
Last modified: 15/01/2020

Description

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Vulnerable products and versions

CPE: cpe:2.3:a:libpod_project:libpod:*:*:*:*:*:*:*:*
From: -
Up to: 1.6.0 (excluding)