CVE-2014-8178
https://notcve.org/view.php?id=CVE-2014-8178
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. Docker Engine versiones anteriores a la versión 1.8.3 y CS Docker Engine versiones anteriores a la versión 1.6.2-CS7, no utilizan un identificador único de forma global para almacenar capas de imágenes, lo que facilita a atacantes envenenar la caché de imágenes por medio de una imagen especialmente diseñada en los comandos pull o push. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12 https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ https://www.docker.com/legal/docker-cve-database • CWE-20: Improper Input Validation •
CVE-2019-16884 – runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
https://notcve.org/view.php?id=CVE-2019-16884
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. runc versiones hasta 1.0.0-rc8, como es usado en Docker versiones hasta 19.03.2-ce y otros productos, permite omitir la restricción de AppArmor porque el archivo libcontainer/rootfs_linux.go comprueba incorrectamente los destinos de montaje y, por lo tanto, una imagen Docker maliciosa puede ser montada sobre un directorio /proc . • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html https://access.redhat.com/errata/RHSA-2019:3940 https://access.redhat.com/errata/RHSA-2019:4074 https://access.redhat.com/errata/RHSA-2019:4269 https://github.com/opencontainers/runc/issues/2128 https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html https: • CWE-41: Improper Resolution of Path Equivalence CWE-863: Incorrect Authorization •
CVE-2019-15752 – Docker Desktop Community Edition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-15752
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. Docker Desktop Community Edition antes de 2.1.0.1 permite a los usuarios locales obtener privilegios al colocar un archivo trojan horse docker-credential-wincred.exe en% PROGRAMDATA% \ DockerDesktop \ version-bin \ como un usuario con pocos privilegios y luego esperar un administrador o usuario de servicio para identificarse con Docker, reiniciar Docker o ejecutar 'inicio de sesión de docker' para forzar el comando. Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\. • https://www.exploit-db.com/exploits/48388 http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-13139
https://notcve.org/view.php?id=CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. En Docker versiones anteriores a 18.09.4, un atacante que sea capaz de suministrar o manipular la ruta de compilación para el comando "docker build" podría ser capaz de conseguir la ejecución de comandos. Existe un problema en la forma en que "docker build" procesa las URL de git remotas, y resulta en la inyección de comandos en el comando subyacente "git clone", lo que conlleva a la ejecución de código en el contexto del usuario ejecutando el comando "docker build". • https://access.redhat.com/errata/RHBA-2019:3092 https://docs.docker.com/engine/release-notes/#18094 https://github.com/moby/moby/pull/38944 https://seclists.org/bugtraq/2019/Sep/21 https://security.netapp.com/advisory/ntap-20190910-0001 https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build https://www.debian.org/security/2019/dsa-4521 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-14271
https://notcve.org/view.php?id=CVE-2019-14271
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. En Docker versión 19.03.x anterior a 19.03.1, vinculado contra la Biblioteca C de GNU (también se conoce como glibc), la inyección de código puede ocurrir cuando la facilidad nsswitch carga dinámicamente una biblioteca dentro de un chroot que alberga el contenido del contenedor. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html https://docs.docker.com/engine/release-notes https://github.com/moby/moby/issues/39449 https://seclists.org/bugtraq/2019/Sep/21 https://security.netapp.com/advisory/ntap-20190828-0003 https://www.debian.org/security/2019/dsa-4521 • CWE-665: Improper Initialization •