Docker
Monthly
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.2%.
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Docker on Alpine Linux contains an uncharacterized vulnerability addressed in the 28.3.3-r0 Alpine package release. The sparse disclosure - a single-line vendor advisory from Alpine Linux with no CVSS score, CWE, or technical description - means the specific vulnerability class, attack surface, and impact are not determinable from available data. With an EPSS score of 0.03% (10th percentile), exploitation probability is assessed as very low at this time, and no public exploit code or CISA KEV listing has been identified.
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 36.2%.
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Docker on Alpine Linux contains an uncharacterized vulnerability addressed in the 28.3.3-r0 Alpine package release. The sparse disclosure - a single-line vendor advisory from Alpine Linux with no CVSS score, CWE, or technical description - means the specific vulnerability class, attack surface, and impact are not determinable from available data. With an EPSS score of 0.03% (10th percentile), exploitation probability is assessed as very low at this time, and no public exploit code or CISA KEV listing has been identified.