Path traversal

🗓️ 30 May 2023 18:15:00Reported by PRIOn knowledge baseType

prion

prion🔗 www.prio-n.com👁 13 Views

Lima Linux VMs on macOS vulnerable to path traversal pre v0.16.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-32684	10 Jan 202517:03	–	circl
CNNVD	Lima 安全漏洞	30 May 202300:00	–	cnnvd
CVE	CVE-2023-32684	30 May 202317:19	–	cve
Cvelist	CVE-2023-32684 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file	30 May 202317:19	–	cvelist
EUVD	EUVD-2023-1529	3 Oct 202520:07	–	euvd
Github Security Blog	In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file	31 May 202323:38	–	github
NVD	CVE-2023-32684	30 May 202318:15	–	nvd
OSV	CVE-2023-32684 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file	30 May 202317:19	–	osv
OSV	GHSA-F7QW-JJ9C-RPQ9 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file	31 May 202323:38	–	osv
OSV	GO-2023-1803 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file in github.com/lima-vm/lima	20 Aug 202420:31	–	osv

Source	Link
github	www.github.com/lima-vm/lima/releases/tag/v0.16.0
github	www.github.com/lima-vm/lima/security/advisories/GHSA-f7qw-jj9c-rpq9
github	www.github.com/lima-vm/lima/commit/01dbd4d9cabe692afa4517be3995771f0ebb38a5

06 Jun 2023 20:07Current

3.6Low risk

Vulners AI Score3.6

EPSS0.00185

lima linux macos path traversal virtual machines containerd disk image filesystem templates colima rancher desktop finch qcow2 vmdk root read restriction patch