A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
https://access.redhat.com/security/cve/cve-2020-10696
Source: MITRE
Published: 2020-03-31
Updated: 2020-04-01
Type: CWE-22
CVSS v2
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
146649 | openSUSE Security Update : buildah / libcontainers-common / podman (openSUSE-2021-310) | Nessus | SuSE Local Security Checks | high |
145971 | CentOS 8 : container-tools:1.0 (CESA-2020:1926) | Nessus | CentOS Local Security Checks | high |
145928 | CentOS 8 : container-tools:rhel8 (CESA-2020:1932) | Nessus | CentOS Local Security Checks | high |
145838 | CentOS 8 : container-tools:2.0 (CESA-2020:1931) | Nessus | CentOS Local Security Checks | high |
143725 | SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1) | Nessus | SuSE Local Security Checks | high |
143496 | openSUSE Security Update : buildah (openSUSE-2020-2106) | Nessus | SuSE Local Security Checks | high |
136644 | Oracle Linux 8 : container-tools:1.0 (ELSA-2020-1926) | Nessus | Oracle Linux Local Security Checks | high |
136598 | Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1932) | Nessus | Oracle Linux Local Security Checks | high |
136597 | Oracle Linux 8 : container-tools:2.0 (ELSA-2020-1931) | Nessus | Oracle Linux Local Security Checks | high |
136522 | RHEL 7 : podman (RHSA-2020:2117) | Nessus | Red Hat Local Security Checks | high |
136521 | RHEL 7 : buildah (RHSA-2020:2116) | Nessus | Red Hat Local Security Checks | high |
136064 | RHEL 8 : container-tools:1.0 (RHSA-2020:1926) | Nessus | Red Hat Local Security Checks | high |
136063 | RHEL 8 : container-tools:rhel8 (RHSA-2020:1932) | Nessus | Red Hat Local Security Checks | high |
136061 | RHEL 8 : container-tools:2.0 (RHSA-2020:1931) | Nessus | Red Hat Local Security Checks | high |
135912 | RHEL 8 : OpenShift Container Platform 4.1.41 (RHSA-2020:1449) | Nessus | Red Hat Local Security Checks | high |
135414 | RHEL 8 : OpenShift Container Platform 4.2.28 (RHSA-2020:1401) | Nessus | Red Hat Local Security Checks | high |