CVE-2020-10696

HIGH

Description

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

References

https://access.redhat.com/security/cve/cve-2020-10696

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696

https://github.com/containers/buildah/pull/2245

Details

Source: MITRE

Published: 2020-03-31

Updated: 2020-04-01

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146649 | openSUSE Security Update : buildah / libcontainers-common / podman (openSUSE-2021-310) | Nessus | SuSE Local Security Checks | high |
| 145971 | CentOS 8 : container-tools:1.0 (CESA-2020:1926) | Nessus | CentOS Local Security Checks | high |
| 145928 | CentOS 8 : container-tools:rhel8 (CESA-2020:1932) | Nessus | CentOS Local Security Checks | high |
| 145838 | CentOS 8 : container-tools:2.0 (CESA-2020:1931) | Nessus | CentOS Local Security Checks | high |
| 143725 | SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1) | Nessus | SuSE Local Security Checks | high |
| 143496 | openSUSE Security Update : buildah (openSUSE-2020-2106) | Nessus | SuSE Local Security Checks | high |
| 136644 | Oracle Linux 8 : container-tools:1.0 (ELSA-2020-1926) | Nessus | Oracle Linux Local Security Checks | high |
| 136598 | Oracle Linux 8 : container-tools:ol8 (ELSA-2020-1932) | Nessus | Oracle Linux Local Security Checks | high |
| 136597 | Oracle Linux 8 : container-tools:2.0 (ELSA-2020-1931) | Nessus | Oracle Linux Local Security Checks | high |
| 136522 | RHEL 7 : podman (RHSA-2020:2117) | Nessus | Red Hat Local Security Checks | high |
| 136521 | RHEL 7 : buildah (RHSA-2020:2116) | Nessus | Red Hat Local Security Checks | high |
| 136064 | RHEL 8 : container-tools:1.0 (RHSA-2020:1926) | Nessus | Red Hat Local Security Checks | high |
| 136063 | RHEL 8 : container-tools:rhel8 (RHSA-2020:1932) | Nessus | Red Hat Local Security Checks | high |
| 136061 | RHEL 8 : container-tools:2.0 (RHSA-2020:1931) | Nessus | Red Hat Local Security Checks | high |
| 135912 | RHEL 8 : OpenShift Container Platform 4.1.41 (RHSA-2020:1449) | Nessus | Red Hat Local Security Checks | high |
| 135414 | RHEL 8 : OpenShift Container Platform 4.2.28 (RHSA-2020:1401) | Nessus | Red Hat Local Security Checks | high |