CVE-2014-5282

Опубликовано: 06 фев. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1168436
Issue Tracking
Third Party Advisory
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ
https://bugzilla.redhat.com/show_bug.cgi?id=1168436
Issue Tracking
Third Party Advisory
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*

Версия до 1.3 (исключая)

EPSS

Процентиль: 61%

0.00414

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2014-5282

CVSS3: 8.1

ubuntu

почти 8 лет назад

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

CVE-2014-5282

redhat

около 11 лет назад

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

CVE-2014-5282

CVSS3: 8.1

msrc

больше 4 лет назад

Описание отсутствует

CVE-2014-5282

CVSS3: 8.1

debian

почти 8 лет назад

Docker before 1.3 does not properly validate image IDs, which allows r ...

GHSA-68xv-f463-9gx3

CVSS3: 8.1

github

больше 3 лет назад

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

EPSS

Процентиль: 61%

0.00414

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20