Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9358

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2014-9358
Last Modified 30 Dec 2014 02:09:58
Published 16 Dec 2014 01:59:16
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9358

Summary

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

Vulnerable Systems

Application

  • Docker 1.3.2


References

CONFIRM - https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ

BUGTRAQ - 20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]


Last Updated: 27 May 2016 11:07:18