Main Vulnerability Database Vulnerabilities #VU26643

#VU26643 Path traversal in buildah - CVE-2020-10696

Published: April 7, 2020

Vulnerability identifier: #VU26643

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-10696

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
buildah

Software vendor:
Container Projects

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can trick a victim to build a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/security/cve/cve-2020-10696
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
https://github.com/containers/buildah/pull/2245

#VU26643 Path traversal in buildah - CVE-2020-10696

Description

Remediation

External links

Please verify you're human