CVE-2020-27534

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

Ссылки

http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/
Release Notes
Third Party Advisory
https://github.com/moby/buildkit/pull/1462
Third Party Advisory
https://github.com/moby/moby/pull/40877
Third Party Advisory
https://golang.org/pkg/io/ioutil/#TempDir
Third Party Advisory
https://golang.org/pkg/os/#TempDir
Third Party Advisory
http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/
Release Notes
Third Party Advisory
https://github.com/moby/buildkit/pull/1462
Third Party Advisory
https://github.com/moby/moby/pull/40877
Third Party Advisory
https://golang.org/pkg/io/ioutil/#TempDir
Third Party Advisory
https://golang.org/pkg/os/#TempDir
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*

Версия до 19.03.9 (исключая)

EPSS

Процентиль: 73%

0.0077

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-27534

CVSS3: 5.3

ubuntu

около 5 лет назад

CVE-2020-27534

CVSS3: 5.3

redhat

около 5 лет назад

CVE-2020-27534

CVSS3: 5.3

msrc

больше 4 лет назад

Описание отсутствует

CVE-2020-27534

CVSS3: 5.3

debian

около 5 лет назад

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 c ...

GHSA-6hwg-w5jg-9c6x

CVSS3: 5.3

github

около 2 лет назад

Path Traversal in Moby builder

EPSS

Процентиль: 73%

0.0077

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22