Vulnerability CVE-2020-10696

Vulnerability Name:

CVE-2020-10696 (CCN-179055)

Assigned:

2020-03-26

Published:

2020-03-26

Updated:

2020-04-01

Summary:

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-10696

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/cve-2020-10696

Source: CCN
Type: Red Hat Bugzilla Bug 1817651
(CVE-2020-10696) - CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696

Source: XF
Type: UNKNOWN
buildah-cve202010696-dir-traversal(179055)

Source: CCN
Type: Buildah GIT Repository
containers/buildah: A tool that facilitates building OCI

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/containers/buildah/pull/2245

Vulnerable Configuration:

Configuration 1:

cpe:/a:buildah_project:buildah:*:*:*:*:*:*:*:* (Version < 1.14.5)

Configuration 2:

cpe:/a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010696	V	CVE-2020-10696	2023-06-22
oval:org.opensuse.security:def:7846	P	buildah-1.29.1-150500.1.13 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:601	P	Security update for buildah (Important) (in QA)	2022-09-21
oval:org.opensuse.security:def:3240	P	libpulse-mainloop-glib0-32bit-5.0-4.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94707	P	libsndfile-devel-1.0.28-5.15.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94870	P	buildah-1.23.1-150400.1.17 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:101691	P	Security update for buildah (Moderate)	2022-03-09
oval:org.opensuse.security:def:1000	P	Security update for buildah (Moderate)	2022-03-09
oval:org.opensuse.security:def:112031	P	buildah-1.23.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1292	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:66997	P	Security update for xen (Moderate)	2021-12-03
oval:org.opensuse.security:def:105587	P	buildah-1.23.0-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:96668	P	libopenjp2-7-2.3.0-1.25 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:62381	P	buildah-1.17.0-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71844	P	iscsiuio-0.7.8.6-30.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101125	P	buildah-1.17.0-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:70448	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:74718	P	Security update for go1.15 (Important)	2021-06-30
oval:org.opensuse.security:def:73662	P	Security update for lua53 (Moderate)	2021-06-29
oval:org.opensuse.security:def:1971	P	gv-3.7.4-1.41 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1973	P	java-1_8_0-openjdk-1.8.0.161-1.52 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1976	P	openldap2-2.4.46-7.10 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:67092	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:101420	P	Security update for permissions (Important)	2021-05-04
oval:org.opensuse.security:def:1981	P	java-10-openjdk-10.0.2.0-3.3.3 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:1983	P	java-1_8_0-openjdk-1.8.0.201-3.16.1 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:73783	P	Security update for kernel-firmware (Important)	2021-03-03
oval:org.opensuse.security:def:111228	P	Security update for buildah, libcontainers-common, podman (Moderate)	2021-02-19
oval:org.opensuse.security:def:70340	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:1966	P	python2-numpy-gnu-hpc-1.16.5-1.164 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71728	P	syslog-service-2.0-2.23 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1961	P	python2-numpy-gnu-hpc-1.14.0-2.105 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2611	P	Security update for podman (Moderate)	2020-12-02
oval:org.opensuse.security:def:2631	P	Security update for buildah (Moderate)	2020-12-02
oval:org.opensuse.security:def:2621	P	Security update for buildah (Moderate)	2020-12-02
oval:org.opensuse.security:def:49718	P	typelib-1_0-JavaScriptCore-4_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49559	P	libmicrohttpd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49403	P	gcab on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65144	P	Security update for buildah (Moderate)	2020-12-01
oval:org.opensuse.security:def:49655	P	libXvnc-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49492	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65054	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:49728	P	bsdtar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49614	P	bluez-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51056	P	Security update for buildah (Moderate)	2020-12-01
oval:org.opensuse.security:def:49624	P	fontforge on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:68491	P	Security update for buildah (Moderate)	2020-12-01
oval:org.opensuse.security:def:50994	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:49549	P	libgxps-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49393	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51066	P	Security update for buildah (Moderate)	2020-12-01
oval:org.opensuse.security:def:68388	P	Security update for bcm43xx-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:49645	P	libIlmImf-2_2-23 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49482	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51004	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:110342	P	Security update for buildah (Moderate)	2020-11-29
oval:org.opensuse.security:def:117600	P	Security update for buildah (Moderate)	2020-11-19
oval:org.opensuse.security:def:97456	P	Security update for buildah (Moderate)	2020-11-19
oval:org.opensuse.security:def:104146	P	Security update for buildah (Moderate)	2020-11-19
oval:org.opensuse.security:def:90491	P	Security update for buildah (Moderate)	2020-11-19
oval:org.opensuse.security:def:108086	P	Security update for buildah (Moderate)	2020-11-19
oval:com.redhat.rhsa:def:20201926	P	RHSA-2020:1926: container-tools:1.0 security and bug fix update (Important)	2020-04-28
oval:com.redhat.rhsa:def:20201931	P	RHSA-2020:1931: container-tools:2.0 security update (Important)	2020-04-28
oval:com.redhat.rhsa:def:20201932	P	RHSA-2020:1932: container-tools:rhel8 security update (Important)	2020-04-28

BACK