CVE-2014-6407

Опубликовано: 24 нояб. 2014

Источник: redhat

CVSS2: 3.7

EPSS Низкий

Описание

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

Отчет

This issue affects the versions of Docker as shipped with Red Hat Enterprise Linux 7. However, this flaw is not known to be exploitable under any supported scenario. A future update may address this issue. Red Hat does not support or recommend running untrusted images.

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-59

https://bugzilla.redhat.com/show_bug.cgi?id=1167505docker: symbolic and hardlink issues leading to privilege escalation

EPSS

Процентиль: 90%

0.05577

Низкий

3.7 Low

CVSS2

Связанные уязвимости

CVE-2014-6407

ubuntu

больше 10 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

CVE-2014-6407

nvd

больше 10 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

CVE-2014-6407

msrc

почти 4 года назад

Описание отсутствует

CVE-2014-6407

debian

больше 10 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary file ...

GHSA-5qgp-p5jc-w2rm

CVSS3: 7.3

github

больше 3 лет назад

Arbitrary Code Execution in Docker

EPSS

Процентиль: 90%

0.05577

Низкий

3.7 Low

CVSS2