CVE-2014-3499: Incorrect Permission Assignment in Docker Docker

Severity: 7.2 HIGH (NVD)
EPSS: 0.0% (top 90.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11; Latest update Aug 21

Description

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages: 2 packages

Also affects: Fedora 19, 20

🔴 Vulnerability Details (4)

OSV: Privilege Escalation in Docker in github.com/docker/docker (2024-08-21)
GHSA: Privilege Escalation in Docker (2022-02-15)
OSV: Privilege Escalation in Docker (2022-02-15)
CVEList: CVE-2014-3499: Docker 1 (2014-07-11)

📋 Vendor Advisories (2)

Red Hat: docker: systemd socket activation results in privilege escalation (2014-07-01)
Debian: CVE-2014-3499: docker.io - Docker 1.0.0 uses world-readable and world-writable permissions on the managemen... (2014)

💬 Community (4)

Bugzilla: CVE-2014-3499 docker-io: docker: systemd socket activation results in privilege escalation [epel-6] (2014-07-01)
Bugzilla: CVE-2014-3499 docker-io: docker: systemd socket activation results in privilege escalation [epel-7] (2014-07-01)
Bugzilla: CVE-2014-3499 docker-io: docker: systemd socket activation results in privilege escalation [fedora-all] (2014-07-01)
Bugzilla: CVE-2014-3499 docker: systemd socket activation results in privilege escalation (2014-06-20)