An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T01:54:14.351Z

Reserved: 2019-10-28T00:00:00

Link: CVE-2019-18466

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-28T13:15:11.430

Modified: 2024-11-21T04:33:17.487

Link: CVE-2019-18466

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-08-22T00:00:00Z

Links: CVE-2019-18466 - Bugzilla

cve-icon OpenCVE Enrichment

No data.