Lucene search

K

Veracode Vulnerability DatabaseVERACODE:4129

HistoryMay 03, 2017 - 7:09 a.m.

Information Disclosure

2017-05-0307:09:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

EPSS

0

Percentile

5.1%

github.com/docker/docker is vulnerable to information disclosure. Attackers can obtain sensitive information, modify the host and perform protocol downgrade attacks using a docker image. These attacks are possible because github.com/docker/docker uses weak permissions for files in the /proc folder.

References

lists.opensuse.org/opensuse-updates/2015-05/msg00023.html

packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html

seclists.org/fulldisclosure/2015/May/28

www.securityfocus.com/bid/74566

github.com/moby/moby/commit/545b440a80f676a506e5837678dd4c4f65e78660

groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ

groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ

EPSS

0

Percentile

5.1%

Related for VERACODE:4129

ubuntucve1 nvd1 osv3 cbl_mariner1 debiancve1 cve1 github1 prion1 cvelist1 openvas4 archlinux1 oraclelinux1 amazon1 nessus4 ibm1