Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-31
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
| Products | Buildah, Enterprise_linux, Openshift_container_platform |
| Type | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
• https://github.com/containers/buildah/pull/2245 • https://access.redhat.com/security/cve/cve-2020-10696 |