Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-18466 |
CWE-ID | CWE-61 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Opensuse Operating systems & Components / Operating system |
Vendor | SUSE |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU26515
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-18466
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in libpod (podman) in the host context during a copy operation from the container to the
host, because an undesired glob operation occurs. An attacker could
create a container image containing particular symlinks that, when
copied by a victim user to the host filesystem, may overwrite existing
files with others from the host.
Successful exploitation of this vulnerability may result in privilege escalation on the host operating system.
MitigationUpdate the affected packages.
Opensuse: 15.1
External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.