CVE-2019-0204 in Apache and Red Hat Products
Published on March 25, 2019

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

Vendor Advisory NVD

Products Associated with CVE-2019-0204

stack.watch emails you whenever new vulnerabilities are published in Apache Mesos or Red Hat Fuse. Just hit a watch button to start following.

Apache Mesos

Red Hat Fuse

Affected Versions

Apache Mesos:

Version pre-1.4.x is affected.
Version 1.4.0 to 1.4.2 is affected.
Version 1.5.0 to 1.5.2 is affected.
Version 1.6.0 to 1.6.1 is affected.
Version 1.7.0 to 1.7.1 is affected.

Exploit Probability

EPSS

0.18%

Percentile

38.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-0204 in Apache and Red Hat ProductsPublished on March 25, 2019

Products Associated with CVE-2019-0204

Affected Versions

Exploit Probability

CVE-2019-0204 in Apache and Red Hat Products
Published on March 25, 2019