Moderate severityNVD Advisory· Published Oct 28, 2019· Updated Aug 5, 2024
CVE-2019-18466
CVE-2019-18466
Description
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/containers/podman/v4Go | < 1.6.0 | 1.6.0 |
Affected products
14- Podman/libpoddescription
- ghsa-coords13 versionspkg:golang/github.com/containers/podman/v4pkg:rpm/opensuse/cni&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cni-plugins&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/conmon&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/fuse-overlayfs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/cni&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/cni-plugins&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/fuse-overlayfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1
< 1.6.0+ 12 more
- (no CPE)range: < 1.6.0
- (no CPE)range: < 0.7.1-lp151.2.3.1
- (no CPE)range: < 0.8.4-lp151.2.3.1
- (no CPE)range: < 2.0.10-lp151.2.1
- (no CPE)range: < 0.7.6-lp151.5.1
- (no CPE)range: < 1.8.0-lp151.3.9.1
- (no CPE)range: < 0.7.1-3.3.1
- (no CPE)range: < 0.7.1-3.3.1
- (no CPE)range: < 0.8.4-3.3.1
- (no CPE)range: < 0.8.4-3.3.1
- (no CPE)range: < 2.0.10-3.3.1
- (no CPE)range: < 0.7.6-3.6.1
- (no CPE)range: < 1.8.0-4.14.1
Patches
Vulnerability mechanics
References
8- lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:4269ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-r34v-gqmw-qvgjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-18466ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7eghsax_refsource_MISCWEB
- github.com/containers/libpod/compare/v1.5.1...v1.6.0ghsax_refsource_MISCWEB
- github.com/containers/libpod/issues/3829ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.