github.com/containers/buildah is vulnerable to directory traversal. The image building process does not properly handle file path as well as symlinks. An attacker is able to exploit the vulnerability to overwrite arbitrary files on the file system and potentially escalation privileges by overwriting files configured with setuid
.