CVE-2025-62725

Published: 27 Oct 2025
Source: redhat
CVSS3: 8
EPSS: Low

Description

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud dev environments are all affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.

Docker Compose is vulnerable to a path traversal flaw in how it handles OCI artifact layer annotations. When processing remote OCI compose artifacts, Compose trusts attacker-controlled annotation fields such as com.docker.compose.extends and com.docker.compose.envfile. This allows a crafted artifact to escape the cache directory and overwrite arbitrary files on the host system, potentially leading to compromise of system integrity.
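The flaw described above is a containment failure: a path taken from an artifact annotation is joined onto the local cache directory without checking that the result still lies inside that directory. The Go snippet below is an added illustration written for this page, not code from Docker Compose; the function names (naiveJoin, containedJoin), the cache directory and the annotation values are constructed for the example. It places the unsafe join pattern beside a hardened join that rejects absolute paths and any value that would resolve outside the cache root.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesCache is returned when an annotation-derived path would resolve
// outside the cache directory.
var ErrEscapesCache = errors.New("annotation path escapes cache directory")

// naiveJoin mirrors the unsafe pattern the advisory describes: the value of an
// annotation such as com.docker.compose.file is joined straight onto the local
// cache directory. filepath.Join cleans ".." segments, so a relative value can
// still climb above cacheDir. Shown only to contrast with containedJoin.
func naiveJoin(cacheDir, annotationValue string) string {
	return filepath.Join(cacheDir, annotationValue)
}

// containedJoin is the hardened form (hypothetical, not Compose's own code).
// It refuses empty and absolute values, joins the value onto the absolute cache
// root, and then checks via filepath.Rel that the cleaned result is still
// beneath that root. Only then is the final path returned.
func containedJoin(cacheDir, annotationValue string) (string, error) {
	if annotationValue == "" {
		return "", errors.New("empty annotation path")
	}
	if filepath.IsAbs(annotationValue) {
		return "", ErrEscapesCache
	}
	root, err := filepath.Abs(cacheDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(root, annotationValue)
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return "", err
	}
	// After cleaning, any path outside root starts with ".." (or is exactly "..").
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesCache
	}
	return target, nil
}

func main() {
	// Constructed sample: a cache root and annotation values as they might
	// arrive from an artifact layer. None of these refer to a real artifact.
	cacheDir := filepath.FromSlash("/tmp/compose-cache")
	samples := []string{
		"project/compose.yaml", // benign, stays inside the cache
		"../../escaped.yaml",   // traversal, must be rejected
		filepath.FromSlash("/abs/escaped.env"), // absolute, must be rejected
	}
	for _, v := range samples {
		safe, err := containedJoin(cacheDir, v)
		fmt.Printf("value=%q naive=%q contained=%q err=%v\n",
			v, naiveJoin(cacheDir, v), safe, err)
	}
}
```

The check is applied at write time, which is the point the advisory identifies: config and ps only read the artifact, but the cached copy is still written to disk. It does not resolve symlinks already present inside the cache, so a deployment that wants defence in depth should also pass the candidate through filepath.EvalSymlinks and repeat the containment test; upgrading to the fixed release remains the actual remediation.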

Statement

This vulnerability is considered Important rather than Moderate because it enables an attacker to perform arbitrary file overwrite on the host system through a simple path traversal attack vector, even when the user executes seemingly safe, read-only Docker Compose commands such as docker compose ps or docker compose config. The issue arises from improper validation of attacker-controlled OCI annotation values, allowing malicious paths to break out of the intended cache directory. While user interaction is required, the potential impact on system confidentiality, integrity, and availability is significant—modified configuration files, environment files, or scripts could lead to privilege escalation or further code execution.

Mitigation

No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. The risk can be reduced by avoiding the use of untrusted or third-party OCI compose artifacts and only sourcing artifacts from verified and trusted registries. Users should also restrict network access to prevent accidental retrieval of malicious remote artifacts and run Docker Compose commands only within controlled and isolated environments.

Affected packages

Platform: Red Hat Developer Hub; Package: rhdh/rhdh-hub-rhel9; State: Not affected; Advisory: none; Release: none


Additional information

Status: Important
Weakness: CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=2406643
docker-compose: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

EPSS: 0.00038 (Low), percentile 12%
CVSS3: 8 (High)

Related vulnerabilities

ubuntu
5 months ago

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud dev environments are all affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.

nvd
5 months ago

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud dev environments are all affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.

debian
5 months ago

Docker Compose trusts the path information embedded in remote OCI comp ...

github
5 months ago

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

CVSS3: 8.8
fstec
5 months ago

A vulnerability in the Docker Compose multi-container application management tool, caused by improper limitation of a pathname to a restricted directory, allows an attacker to overwrite arbitrary files.
