CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14300 – docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc
https://notcve.org/view.php?id=CVE-2020-14300
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. • https://access.redhat.com/errata/RHBA-2020:0427 https://access.redhat.com/security/cve/CVE-2016-9962 https://access.redhat.com/security/vulnerabilities/cve-2016-9962 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9962 https://access.redhat.com/security/cve/CVE-2020-14300 https://bugzilla.redhat.com/show_bug.cgi?id=1848829 https://access.redhat.com/security/vulnerabilities/runc-regression-docker-1.13.1-108 • CWE-271: Privilege Dropping / Lowering Errors CWE-273: Improper Check for Dropped Privileges •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-11492
https://notcve.org/view.php?id=CVE-2020-11492
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. Se detectó un problema en Docker Desktop versiones hasta 2.2.0.5 en Windows. Si un atacante local configura su propia tubería nombrada antes de iniciar Docker con el mismo nombre, este atacante puede interceptar un intento de conexión desde Docker Service (que se ejecuta como SYSTEM) y luego suplantar sus privilegios • https://github.com/CrackerCat/CVE-2020-11492 https://docs.docker.com/docker-for-windows/release-notes https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 1CVE-2020-13401
https://notcve.org/view.php?id=CVE-2020-13401
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Se detectó un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede diseñar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener información confidencial o causar una denegación de servicio. • https://github.com/arax-zaeimi/Docker-Container-CVE-2020-13401 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html http://www.openwall.com/lists/oss-security/2020/06/01/5 https://docs.docker.com/engine/release-notes https://github.com/docker/docker-ce/releases/tag/v19.03.11 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2020-10665
https://notcve.org/view.php?id=CVE-2020-10665
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. Docker Desktop permite una escalada de privilegios locales a NT AUTHORITY\SYSTEM porque maneja inapropiadamente la colección de diagnósticos con privilegios de Administrador, conllevando a sobrescrituras de permisos de la DACL arbitrarios y escrituras arbitrarias de archivos. Esto afecta a Docker Desktop Enterprise versiones anteriores a 2.1.0.9, Docker Desktop for Windows Stable versiones anteriores a 2.2.0.4 y Docker Desktop for Windows Edge versiones anteriores a 2.2.2.0. • https://github.com/spaceraccoon/CVE-2020-10665 https://docs.docker.com/release-notes https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-7606
https://notcve.org/view.php?id=CVE-2020-7606
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. docker-compose-remote-api versiones hasta 0.1.4, permite una ejecución de comandos arbitraria. Dentro del archivo "index.js" del paquete, la función "exec(serviceName, cmd, fnStdout, fnStderr, fnExit)" usa la variable "serviceName" que puede ser controlada por los usuarios sin ningún tipo de saneamiento. • https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •