Platform
go
Component
github.com/containers/podman
Fixed in
1.4.1
1.4.0
CVE-2019-10152 represents a Path Traversal vulnerability discovered in Podman, a daemonless container engine. This flaw allows attackers to potentially read or write arbitrary files on the host system, compromising the security of containerized workloads. Versions of Podman prior to 1.4.0 are affected, and a fix has been released. Promptly upgrading is crucial to address this risk.
The Path Traversal vulnerability in Podman (CVE-2019-10152) enables an attacker to bypass intended access controls and interact with files outside of the intended container environment. Successful exploitation could lead to the disclosure of sensitive data, modification of system files, or even remote code execution if the attacker can leverage the file access to execute malicious code. The blast radius extends to the entire host system, as the vulnerability bypasses container isolation mechanisms. This is particularly concerning in multi-tenant environments or systems hosting critical infrastructure.
CVE-2019-10152 was publicly disclosed on August 20, 2024. The vulnerability's severity is rated HIGH (CVSS 7.2). Currently, there are no known active campaigns targeting this specific vulnerability, but the availability of a public proof-of-concept increases the risk of exploitation. It is not listed on the CISA KEV catalog as of this writing.
Exploit Status
EPSS
0.36% (58% percentile)
CVSS Vector
The primary mitigation for CVE-2019-10152 is to upgrade Podman to version 1.4.0 or later, which includes the necessary fix. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing stricter access controls within the container environment to limit the potential impact of a successful exploit. While not a complete solution, restricting file system access for containers can reduce the attacker's ability to read or write sensitive files. Review and harden container configurations to minimize the attack surface. After upgrade, confirm by attempting to access files outside the intended container directory and verifying access is denied.
Actualice Podman a la versión 1.4.0 o superior. Esta versión corrige la vulnerabilidad de path traversal al manejar enlaces simbólicos dentro de los contenedores, evitando que un atacante comprometido pueda leer o escribir archivos arbitrarios en el sistema host.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-10152 is a Path Traversal vulnerability in Podman, allowing attackers to potentially read or write arbitrary files on the host system. It affects versions prior to 1.4.0.
You are affected if you are running Podman versions prior to 1.4.0. Check your version and upgrade immediately if necessary.
Upgrade Podman to version 1.4.0 or later to address the vulnerability. Consider stricter access controls as a temporary mitigation if an upgrade is not immediately possible.
While there are no confirmed active campaigns targeting this specific vulnerability, the availability of a public proof-of-concept increases the risk of exploitation.
Refer to the Podman project's official website and security advisories for the latest information and updates regarding CVE-2019-10152.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.