Candidate: CVE-2020-10696
PublicDate: 2020-03-31 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10696
 https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
Description:
 A path traversal flaw was found in Buildah in versions before 1.14.5. This
 flaw allows an attacker to trick a user into building a malicious container
 image hosted on an HTTP(s) server and then write files to the user's system
 anywhere that the user has permissions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_golang-github-containers-buildah:
 upstream: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
upstream_golang-github-containers-buildah: released (1.11.6-2)
precise/esm_golang-github-containers-buildah: DNE
trusty_golang-github-containers-buildah: ignored (out of standard support)
trusty/esm_golang-github-containers-buildah: DNE
xenial_golang-github-containers-buildah: DNE
bionic_golang-github-containers-buildah: DNE
focal_golang-github-containers-buildah: DNE
groovy_golang-github-containers-buildah: not-affected (1.15.2-1ubuntu2)
devel_golang-github-containers-buildah: not-affected