CVE-2020-14298
docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
La versión de Docker según lo publicado para Red Hat Enterprise Linux 7 Extras por medio del aviso RHBA-2020:0053 incluía una versión incorrecta de runc que no tenía la corrección para CVE-2019-5736, que se corrigió previamente por medio de RHSA-2019:0304. Este problema podría permitir a un contenedor malicioso o comprometido comprometer el host del contenedor y otros contenedores que se ejecutan en el mismo host. Este problema solo afecta a la versión 1.13.1-108.git4ef4b30.el7 de docker, incluida en Red Hat Enterprise Linux 7 Extras. Las versiones anteriores y posteriores no están afectadas
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-17 CVE Reserved
- 2020-06-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-271: Privilege Dropping / Lowering Errors
- CWE-273: Improper Check for Dropped Privileges
CAPEC
References (6)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736 | 2023-02-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | 1.13.1 Search vendor "Docker" for product "Docker" and version "1.13.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 3.0 <= 3.7.61 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 3.0 <= 3.7.61" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
|