Lucene search

[email protected]CVE-2015-3630

HistoryMay 18, 2015 - 3:59 p.m.

CVE-2015-3630

2015-05-1815:59:16

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-3630

docker engine

weak permissions

protocol downgrade

crafted image

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

Affected configurations

NVD

Node

dockerdockerRange≤1.6

CPENameOperatorVersion
docker:dockerdockerle1.6

CPE	Name	Operator	Version
docker:docker	docker	le	1.6

References

lists.opensuse.org/opensuse-updates/2015-05/msg00023.html

packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html

seclists.org/fulldisclosure/2015/May/28

www.securityfocus.com/bid/74566

groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-3630

ubuntucve1 cbl_mariner1 debiancve1 prion1 cvelist1 osv1 veracode1 github1 nvd1 openvas4 nessus4 amazon1 archlinux1 oraclelinux1 ibm1