CVE-2024-24557 – Moby classic builder cache poisoning
https://notcve.org/view.php?id=CVE-2024-24557
01 Feb 2024 — Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ ... • https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae • CWE-345: Insufficient Verification of Data Authenticity • CWE-346: Origin Validation Error
CVE-2023-28840 – moby/moby's dockerd daemon encrypted overlay network may be unauthenticated
https://notcve.org/view.php?id=CVE-2023-28840
04 Apr 2023 — Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supp... • https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 • CWE-203: Observable Discrepancy • CWE-420: Unprotected Alternate Channel • CWE-636: Not Failing Securely ('Failing Open') • CWE-755: Improper Handling of Exceptional Conditions
CVE-2023-28841 – moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted
https://notcve.org/view.php?id=CVE-2023-28841
04 Apr 2023 — Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and sup... • https://github.com/moby/libnetwork/blob/d9fae4c73daf76c3b0f77e14b45b8bf612ba764d/drivers/overlay/encryption.go#L205-L207 • CWE-311: Missing Encryption of Sensitive Data • CWE-636: Not Failing Securely ('Failing Open') • CWE-755: Improper Handling of Exceptional Conditions
CVE-2023-28842 – moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated
https://notcve.org/view.php?id=CVE-2023-28842
04 Apr 2023 — Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and su... • https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 • CWE-420: Unprotected Alternate Channel • CWE-636: Not Failing Securely ('Failing Open') • CWE-755: Improper Handling of Exceptional Conditions
CVE-2022-36109 – Moby vulnerability relating to supplementary group permissions
https://notcve.org/view.php?id=CVE-2022-36109
09 Sep 2022 — Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Mo... • https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 • CWE-863: Incorrect Authorization
CVE-2022-27652 – cri-o: Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-27652
18 Apr 2022 — A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. A flaw was found in cri-o, where containers were incorrectly started with permissions... • https://bugzilla.redhat.com/show_bug.cgi?id=2066839 • CWE-276: Incorrect Default Permissions
CVE-2022-24769 – Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-24769
24 Mar 2022 — Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, ot... • http://www.openwall.com/lists/oss-security/2022/05/12/1 • CWE-276: Incorrect Default Permissions • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-41089 – `docker cp` allows unexpected chmod of host files
https://notcve.org/view.php?id=CVE-2021-41089
04 Oct 2021 — Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should u... • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf • CWE-281: Improper Preservation of Permissions
CVE-2021-41091 – Insufficiently restricted permissions on data directory in Docker Engine
https://notcve.org/view.php?id=CVE-2021-41091
04 Oct 2021 — Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. Wh... • https://github.com/UncleJ4ck/CVE-2021-41091 • CWE-281: Improper Preservation of Permissions • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2018-12608 – moby: cert signing bypass
https://notcve.org/view.php?id=CVE-2018-12608
10 Sep 2018 — An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate. An issue was discovered in Docker Moby, in versions prior to 17.06.0. The Docker engine validated the TLS certificate of the... • https://github.com/moby/moby/pull/33182 • CWE-295: Improper Certificate Validation