Lucene search
Veracode Vulnerability DatabaseVERACODE:22190HistoryDec 18, 2019 - 2:22 a.m.
Image Cache Poisoning
2019-12-1802:22:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
40.4%
github.com/moby/moby is vulnerable to image cache poisoning. The vulnerability exists as the image layers were not globally unique, allowing for unintended images to be uploaded or downloaded.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/moby/moby | eq | HEAD | |
| github.com/moby/moby | le | 1.8.2 | |
| github.com/moby/moby | eq | HEAD | |
| github.com/moby/moby | le | 1.8.2 |
References
lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html
lists.opensuse.org/opensuse-updates/2015-10/msg00036.html
github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12
github.com/moby/moby/commit/9098628b2901ae8585ba4c66ee6e14759d2119da
groups.google.com/forum/#!msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ
groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ
www.docker.com/legal/docker-cve-database
Related
cvelist
cvelist
CVE-2014-8178
2019-12-04 15:05:02
nvd
nvd
CVE-2014-8178
2019-12-17 14:15:16
ubuntucve
ubuntucve
CVE-2014-8178
2019-12-17 00:00:00
cve
cve
CVE-2014-8178
2019-12-17 14:15:16
cbl_mariner
cbl_mariner
CVE-2014-8178 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
prion
prion
Command injection
2019-12-17 14:15:00
debiancve
debiancve
CVE-2014-8178
2019-12-17 14:15:16
openvas
openvas
Oracle: Security Advisory (ELSA-2015-3085)
2015-10-15 00:00:00
Mageia: Security Advisory (MGASA-2016-0043)
2016-02-08 00:00:00
Docker < 1.8.3 Multiple Vulnerabilities
2021-09-08 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : docker-engine (ELSA-2015-3085)
2015-10-15 00:00:00
openSUSE Security Update : docker (openSUSE-2015-666)
2015-10-19 00:00:00
openSUSE Security Update : docker (openSUSE-2015-792)
2015-11-24 00:00:00
suse
suse
Security update for docker (important)
2015-10-15 13:26:51
oraclelinux
oraclelinux
docker-engine security update
2015-10-14 00:00:00
mageia
mageia
Updated docker/golang packages fix security vulnerability
2016-02-05 20:26:09