摘要:
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
安全等级: Low
公告ID: KylinSec-SA-2022-1191
发布日期: 2022年11月18日
关联CVE: CVE-2019-10152
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2019-10152 | KY3.4-4A | podman | Unaffected |
| CVE-2019-10152 | KY3.4-5 | podman | Unaffected |
| CVE-2019-10152 | KY3.5.1 | podman | Unaffected |
