CVE-2019-14271
Debian Security Advisory 4521-1
Public Exploits: 1
Exploited in Wild: -
Descriptions
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
Three security vulnerabilities have been discovered in Docker: one could result in execution of code with root privileges, sensitive data could be logged in debug mode, and there was a command injection vulnerability in the "docker build" command.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-07-25 CVE Reserved
- 2019-07-29 CVE Published
- 2024-03-19 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-665: Improper Initialization
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://docs.docker.com/engine/release-notes | Release Notes | |
https://github.com/moby/moby/issues/39449 | Third Party Advisory | |
https://seclists.org/bugtraq/2019/Sep/21 | Mailing List | |
https://security.netapp.com/advisory/ntap-20190828-0003 | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://github.com/iridium-soda/CVE-2019-14271_Exploit | 2024-03-19 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html | 2022-04-18 | |
https://www.debian.org/security/2019/dsa-4521 | 2022-04-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Docker | Docker | >= 19.03 < 19.03.1 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Opensuse | Leap | 15.0 | - | Affected |
Opensuse | Leap | 15.1 | - | Affected |