Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Docker < 1.3.3 Multiple Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Docker is prone to multiple vulnerabilities.
Insight
Insight
The following vulnerabilities exist: - CVE-2014-9356: A path traversal vulnerability in Docker allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an image or build in a Dockerfile. - CVE-2014-9357: Docker allows remote attackers to execute arbitrary code with root privileges via a crafted image or build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. - CVE-2014-9358: Docker does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 'docker load' operation or 'registry communications'.
Affected Software
Affected Software
Docker through version 1.3.2.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 1.3.3 or later.