Описание
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Отчет
This issue is exploitable by malicious Docker images. Red Hat supports images from it's own registry, ISV images certified by the Red Hat certification program, and images using qualified customer content.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | docker | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
1.2 Low
CVSS2
Связанные уязвимости
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do no ...
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
EPSS
1.2 Low
CVSS2