4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.5%
Moby is an open-source project created by Docker to enable software
containerization. A bug was found in Moby (Docker Engine) where the data
directory (typically /var/lib/docker
) contained subdirectories with
insufficiently restricted permissions, allowing otherwise unprivileged
Linux users to traverse directory contents and execute programs. When
containers included executable programs with extended permission bits (such
as setuid
), unprivileged Linux users could discover and execute those
programs. When the UID of an unprivileged Linux user on the host collided
with the file owner or group inside a container, the unprivileged Linux
user on the host could discover, read, and modify those files. This bug has
been fixed in Moby (Docker Engine) 20.10.9. Users should update to this
version as soon as possible. Running containers should be stopped and
restarted for the permissions to be fixed. For users unable to upgrade
limit access to the host to trusted users. Limit access to host volumes to
trusted containers.
Author | Note |
---|---|
sbeattie | looks to have possibly been introduced in e908cc39018c015084ffbffbc5703ccba5c2fbb7 (v20.10.3) |
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.5%