CVE-2014-6408

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

Published: Dec 12, 2014
Updated: May 9, 2024
CVE: CVE-2014-6408
GHSA: GHSA-44gg-pmqr-4669
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-285
CWE-264

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
docker / docker	1.3.0	1.3.0.x
docker / docker	1.3.1	1.3.1.x
github.com/docker/docker	1.3.0	1.3.2

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
http://secunia.com/advisories/60171
http://secunia.com/advisories/60241
http://www.openwall.com/lists/oss-security/2014/11/24/5
https://docs.docker.com/v1.3/release-notes/
https://github.com/docker/docker/commit/c9379eb3fbbc484c056f5a5e49d8d0b755a29c45
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
https://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
https://secunia.com/advisories/60171
https://secunia.com/advisories/60241
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6408
https://www.openwall.com/lists/oss-security/2014/11/24/5

Vulnerability Database

289,697

CVE-2014-6408