https://access.redhat.com/security/cve/cve-2020-10696

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696

https://github.com/containers/buildah/pull/2245

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1926 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1932 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1931 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1926 advisory.

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1932 advisory.

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1931 advisory.

  - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to     trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to     the user's system anywhere that the user has permissions. (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2117 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

  - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

  - containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1926 advisory.

  - buildah: Crafted input tar file may lead to local file     overwrite during image build process (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1932 advisory.

  - buildah: Crafted input tar file may lead to local file     overwrite during image build process (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1931 advisory.

  - buildah: Crafted input tar file may lead to local file     overwrite during image build process (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1449 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1401 advisory.

  - buildah: Crafted input tar file may lead to local file overwrite during image build process     (CVE-2020-10696)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
146649	openSUSE Security Update : buildah / libcontainers-common / podman (openSUSE-2021-310)	Nessus	SuSE Local Security Checks	high
145971	CentOS 8 : container-tools:1.0 (CESA-2020:1926)	Nessus	CentOS Local Security Checks	high
145928	CentOS 8 : container-tools:rhel8 (CESA-2020:1932)	Nessus	CentOS Local Security Checks	high
145838	CentOS 8 : container-tools:2.0 (CESA-2020:1931)	Nessus	CentOS Local Security Checks	high
143725	SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1)	Nessus	SuSE Local Security Checks	high
143496	openSUSE Security Update : buildah (openSUSE-2020-2106)	Nessus	SuSE Local Security Checks	high
136644	Oracle Linux 8 : container-tools:1.0 (ELSA-2020-1926)	Nessus	Oracle Linux Local Security Checks	high
136598	Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1932)	Nessus	Oracle Linux Local Security Checks	high
136597	Oracle Linux 8 : container-tools:2.0 (ELSA-2020-1931)	Nessus	Oracle Linux Local Security Checks	high
136522	RHEL 7 : podman (RHSA-2020:2117)	Nessus	Red Hat Local Security Checks	high
136521	RHEL 7 : buildah (RHSA-2020:2116)	Nessus	Red Hat Local Security Checks	high
136064	RHEL 8 : container-tools:1.0 (RHSA-2020:1926)	Nessus	Red Hat Local Security Checks	high
136063	RHEL 8 : container-tools:rhel8 (RHSA-2020:1932)	Nessus	Red Hat Local Security Checks	high
136061	RHEL 8 : container-tools:2.0 (RHSA-2020:1931)	Nessus	Red Hat Local Security Checks	high
135912	RHEL 8 : OpenShift Container Platform 4.1.41 (RHSA-2020:1449)	Nessus	Red Hat Local Security Checks	high
135414	RHEL 8 : OpenShift Container Platform 4.2.28 (RHSA-2020:1401)	Nessus	Red Hat Local Security Checks	high

CVE-2020-10696

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high