Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-8fvr-5rqf-3wwh

Опубликовано: 15 фев. 2022
Источник: github
Github: Прошло ревью
CVSS3: 8.4

Описание

Information Exposure in Docker Engine

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

Ссылки

Пакеты

Наименование

github.com/docker/docker

go
Затронутые версииВерсия исправления

>= 1.6.0, < 1.6.1

1.6.1

EPSS

Процентиль: 9%
0.00036
Низкий

8.4 High

CVSS3

CVE ID

CVE-2015-3630

Дефекты

CWE-285

Связанные уязвимости

ubuntu логотип

CVE-2015-3630

ubuntu
около 10 лет назад

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

redhat логотип

CVE-2015-3630

redhat
около 10 лет назад

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

nvd логотип

CVE-2015-3630

nvd
около 10 лет назад

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

msrc логотип

CVE-2015-3630

msrc
почти 4 года назад

Описание отсутствует

debian логотип

CVE-2015-3630

debian
около 10 лет назад

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, ...

EPSS

Процентиль: 9%
0.00036
Низкий

8.4 High

CVSS3

CVE ID

CVE-2015-3630

Дефекты

CWE-285