CVE-2014-5282

Опубликовано: 06 фев. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1168436
Issue Tracking
Third Party Advisory
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ
https://bugzilla.redhat.com/show_bug.cgi?id=1168436
Issue Tracking
Third Party Advisory
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*

Версия до 1.3 (исключая)

EPSS

Процентиль: 62%

0.00436

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2014-5282

CVSS3: 8.1

ubuntu

больше 7 лет назад

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

CVE-2014-5282

redhat

больше 10 лет назад

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

CVE-2014-5282

CVSS3: 8.1

msrc

почти 4 года назад

Описание отсутствует

CVE-2014-5282

CVSS3: 8.1

debian

больше 7 лет назад

Docker before 1.3 does not properly validate image IDs, which allows r ...

GHSA-68xv-f463-9gx3

CVSS3: 8.1

github

около 3 лет назад

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

EPSS

Процентиль: 62%

0.00436

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20