CVE-2020-10696

buildah: Crafted input tar file may lead to local file overwrite during image build process

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Se detectó un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante engañar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos.

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

An update that fixes three vulnerabilities is now available. This update for buildah fixes the following issues. Buildah was updated to version 1.27.1. Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host. Fixed an issue that could lead to files being overwritten during the image building process. Fixed a possible information disclosure and modification.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-20 CVE Reserved
2020-03-31 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (5)

URL	Tag	Source
https://access.redhat.com/security/cve/cve-2020-10696	Third Party Advisory

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696	2024-08-04
https://github.com/containers/buildah/pull/2245	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-10696	2020-05-12
https://bugzilla.redhat.com/show_bug.cgi?id=1817651	2020-05-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Buildah Project Search vendor "Buildah Project"		Buildah Search vendor "Buildah Project" for product "Buildah"				< 1.14.5 Search vendor "Buildah Project" for product "Buildah" and version " < 1.14.5"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected