CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

References:
• http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes
• https://github.com/moby/buildkit/pull/1462
• https://github.com/moby/moby/pull/40877
• https://golang.org/pkg/io/ioutil/#TempDir
• https://golang.org/pkg/os/#TempDir

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 27 | EXPL: 1

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

References:
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html
• https://access.redhat.com/errata/RHSA-2019:3940
• https://access.redhat.com/errata/RHSA-2019:4074
• https://access.redhat.com/errata/RHSA-2019:4269
• https://github.com/opencontainers/runc/issues/2128
• https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html
• https:

CWE-41: Improper Resolution of Path Equivalence
CWE-863: Incorrect Authorization

CVSS: 9.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

References:
• https://www.exploit-db.com/exploits/48388
• http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html
• https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
• https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e
• https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e

CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

References:
• https://access.redhat.com/errata/RHBA-2019:3092
• https://docs.docker.com/engine/release-notes/#18094
• https://github.com/moby/moby/pull/38944
• https://seclists.org/bugtraq/2019/Sep/21
• https://security.netapp.com/advisory/ntap-20190910-0001
• https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build
• https://www.debian.org/security/2019/dsa-4521

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.3 | EPSS: 0% | CPEs: 43 | EXPL: 21

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system.

References:
• https://github.com/Frichetten/CVE-2019-5736-PoC
• https://www.exploit-db.com/exploits/46369
• https://www.exploit-db.com/exploits/46359
• https://github.com/twistlock/RunC-CVE-2019-5736
• https://github.com/jas502n/CVE-2019-5736
• https://github.com/RyanNgWH/CVE-2019-5736-POC
• https://github.com/zyriuse75/CVE-2019-5736-PoC
• https://github.com/likescam/CVE-2019-5736
• https://github.com/geropl/CVE-2019-5736
• https://github.com/si1ent-le/CVE-2019-5736
• https://github.com/

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-672: Operation on a Resource after Expiration or Release