A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 23 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Symlink
Symlink symlink
Weaknesses CWE-269
CPEs cpe:2.3:a:symlink:symlink:*:*:*:*:*:*:*:*
Vendors & Products Symlink
Symlink symlink
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Description A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-23T16:48:32.088Z

Reserved: 2024-07-18T00:00:00

Link: CVE-2024-41228

cve-icon Vulnrichment

Updated: 2024-09-23T16:44:28.288Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-23T16:15:05.773

Modified: 2024-09-26T13:32:55.343

Link: CVE-2024-41228

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.