Docker
Products by Docker Sorted by Most Security Vulnerabilities since 2018
Known Exploited Docker Vulnerabilities
The following Docker vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Docker Desktop Community Edition Privilege Escalation Vulnerability | Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. CVE-2019-15752 | November 3, 2021 |
By the Year
In 2024 there have been 1 vulnerability in Docker with an average score of 5.5 out of ten. Last year Docker had 14 security vulnerabilities published. Right now, Docker is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 2.19
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 5.50 |
2023 | 14 | 7.69 |
2022 | 1 | 5.50 |
2021 | 4 | 7.15 |
2020 | 20 | 9.03 |
2019 | 10 | 7.27 |
2018 | 2 | 7.05 |
It may take a day or so for new Docker vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Docker Security Vulnerabilities
In Docker Desktop on Windows before v4.31.0
CVE-2024-5652
5.5 - Medium
- July 09, 2024
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size
CVE-2023-40453
6.5 - Medium
- November 07, 2023
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Docker Desktop before 4.23.0
CVE-2023-5165
8.8 - High
- September 25, 2023
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
AuthZ
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL
CVE-2023-5166
6.5 - Medium
- September 25, 2023
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog
CVE-2023-0625
9.8 - Critical
- September 25, 2023
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
Code Injection
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route
CVE-2023-0626
9.8 - Critical
- September 25, 2023
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
Code Injection
Docker Desktop 4.11.x
CVE-2023-0627
7.8 - High
- September 25, 2023
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
CVE-2023-0633
7.8 - High
- September 25, 2023
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
Argument Injection
Docker Desktop for Windows before 4.6.0
CVE-2022-34292
7.1 - High
- April 27, 2023
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
insecure temporary file
Docker Desktop for Windows before 4.6
CVE-2022-38730
6.3 - Medium
- April 27, 2023
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
insecure temporary file
Docker Desktop for Windows before 4.6.0
CVE-2022-37326
7.8 - High
- April 27, 2023
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
Docker Desktop before 4.6.0 on Windows
CVE-2022-31647
7.1 - High
- April 27, 2023
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
insecure temporary file
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed
CVE-2023-1802
7.5 - High
- April 06, 2023
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.
Cleartext Transmission of Sensitive Information
Docker Desktop before 4.17.0
CVE-2023-0628
7.8 - High
- March 13, 2023
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
Command Injection
Docker Desktop before 4.17.0
CVE-2023-0629
7.1 - High
- March 13, 2023
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.
Docker Desktop version 4.3.0 and 4.3.1 has a bug
CVE-2021-45449
5.5 - Medium
- January 12, 2022
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the users local files.
Insertion of Sensitive Information into Log File
Docker CLI is the command line interface for the docker container runtime
CVE-2021-41092
7.5 - High
- October 04, 2021
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
Information Disclosure
Docker Desktop before 3.6.0 suffers from incorrect access control
CVE-2021-37841
7.8 - High
- August 12, 2021
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
Incorrect Permission Assignment for Critical Resource
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in
CVE-2021-21285
6.5 - Medium
- February 02, 2021
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
Improper Check for Unusual or Exceptional Conditions
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root
CVE-2021-21284
6.8 - Medium
- February 02, 2021
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
Directory traversal
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname
CVE-2020-27534
5.3 - Medium
- December 30, 2020
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
Directory traversal
The official composer docker images before 1.8.3 contain a blank password for a root user
CVE-2020-35184
9.8 - Critical
- December 17, 2020
The official composer docker images before 1.8.3 contain a blank password for a root user. System using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user
CVE-2020-35186
9.8 - Critical
- December 17, 2020
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. System using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user
CVE-2020-35195
9.8 - Critical
- December 17, 2020
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user
CVE-2020-35196
9.8 - Critical
- December 17, 2020
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user
CVE-2020-35197
9.8 - Critical
- December 17, 2020
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user
CVE-2020-35185
9.8 - Critical
- December 17, 2020
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. System using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user
CVE-2020-35467
9.8 - Critical
- December 15, 2020
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user
CVE-2020-29591
9.8 - Critical
- December 11, 2020
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
Weak Password Requirements
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user
CVE-2020-29601
9.8 - Critical
- December 08, 2020
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user
CVE-2020-29575
9.8 - Critical
- December 08, 2020
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
The official spiped docker images before 1.5-alpine contain a blank password for a root user
CVE-2020-29581
9.8 - Critical
- December 08, 2020
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
The official storm Docker images before 1.2.1 contain a blank password for a root user
CVE-2020-29580
9.8 - Critical
- December 08, 2020
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user
CVE-2020-29389
9.8 - Critical
- December 02, 2020
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
Missing Authentication for Critical Function
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc
CVE-2020-14300
8.8 - High
- July 13, 2020
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.
Improper Check for Dropped Privileges
The version of docker as released for Red Hat Enterprise Linux 7 Extras
CVE-2020-14298
8.8 - High
- July 13, 2020
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
Improper Check for Dropped Privileges
com.docker.vmnetd in Docker Desktop 2.3.0.3
CVE-2020-15360
7.8 - High
- June 27, 2020
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification.
AuthZ
An issue was discovered in Docker Engine before 19.03.11
CVE-2020-13401
6 - Medium
- June 02, 2020
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.
Improper Input Validation
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM
CVE-2020-10665
6.7 - Medium
- March 18, 2020
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
insecure temporary file
An issue was found in Docker before 1.6.0
CVE-2014-0048
9.8 - Critical
- January 02, 2020
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
Improper Input Validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which
CVE-2014-8179
7.5 - High
- December 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Improper Input Validation
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache
CVE-2014-8178
5.5 - Medium
- December 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
Improper Input Validation
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products
CVE-2019-16884
7.5 - High
- September 25, 2019
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
AuthZ
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command
CVE-2019-13139
8.4 - High
- August 22, 2019
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
Shell injection
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot
CVE-2019-14271
9.8 - Critical
- July 29, 2019
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
Improper Initialization
docker-credential-helpers before 0.6.3 has a double free in the List functions.
CVE-2019-1020014
5.5 - Medium
- July 29, 2019
docker-credential-helpers before 0.6.3 has a double free in the List functions.
Double-free
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10)
CVE-2019-13509
7.5 - High
- July 18, 2019
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
Insertion of Sensitive Information into Log File
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges
CVE-2018-15664
7.5 - High
- May 23, 2019
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Race Condition
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access
CVE-2019-5736
8.6 - High
- February 11, 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Shell injection
Docker Engine before 18.09
CVE-2018-20699
4.9 - Medium
- January 12, 2019
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.
Resource Exhaustion
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\
CVE-2018-15514
8.8 - High
- September 01, 2018
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
Marshaling, Unmarshaling
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames
CVE-2018-10892
5.3 - Medium
- July 06, 2018
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
Execution with Unnecessary Privileges
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier
CVE-2017-14992
6.5 - Medium
- November 01, 2017
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Improper Input Validation
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which
CVE-2017-11468
7.5 - High
- July 20, 2017
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
Allocation of Resources Without Limits or Throttling
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call
CVE-2017-7297
8.8 - High
- March 29, 2017
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
The SwarmKit toolkit 1.12.0 for Docker
CVE-2016-6595
6.5 - Medium
- January 04, 2017
The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability.
Resource Management Errors
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which
CVE-2016-3697
7.8 - High
- June 01, 2016
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
Permissions, Privileges, and Access Controls
Libcontainer 1.6.0, as used in Docker Engine
CVE-2015-3629
7.8 - High
- May 18, 2015
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
insecure temporary file
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which
CVE-2014-3499
- July 11, 2014
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
Permissions, Privileges, and Access Controls