rpm package
opensuse/libcontainers-common&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/libcontainers-common&distro=openSUSE%20Leap%2015.2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10696 | — | < 20210112-lp152.2.6.1 | 20210112-lp152.2.6.1 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | ||
| CVE-2020-1726 | — | < 20200727-lp152.2.3.1 | 20200727-lp152.2.3.1 | Feb 11, 2020 | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used | ||
| CVE-2019-10214 | — | < 20210112-lp152.2.6.1 | 20210112-lp152.2.6.1 | Nov 25, 2019 | The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne |
- CVE-2020-10696Mar 31, 2020affected < 20210112-lp152.2.6.1fixed 20210112-lp152.2.6.1
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
- CVE-2020-1726Feb 11, 2020affected < 20200727-lp152.2.3.1fixed 20200727-lp152.2.3.1
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used
- CVE-2019-10214Nov 25, 2019affected < 20210112-lp152.2.6.1fixed 20210112-lp152.2.6.1
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne