CVE-2014-6408: Improper Authorization in Docker Docker

Severity
5.0 MEDIUM (NVD)
EPSS
1.6%
top 18.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 12
Latest update: Aug 21

Description

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Go: github.com/docker_docker, 1.3.0, 1.3.2
NVD: docker/docker, 1.3.0, 1.3.1 (+1)

🔴 Vulnerability Details (5)

OSV: Access Restriction Bypass in Docker in github.com/docker/docker (2024-08-21)
GHSA: Access Restriction Bypass in Docker (2022-02-15)
OSV: Access Restriction Bypass in Docker (2022-02-15)
OSV: CVE-2014-6408: Docker 1 (2014-12-12)
CVEList: CVE-2014-6408: Docker 1 (2014-12-12)

📋 Vendor Advisories (2)

Red Hat: docker: potential container escalation (2014-11-24)
Debian: CVE-2014-6408: docker.io - Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run pro... (2014)

💬 Community (3)

Bugzilla: CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [epel-6] (2014-11-25)
Bugzilla: CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [fedora-all] (2014-11-25)
Bugzilla: CVE-2014-6408 docker: potential container escalation (2014-11-25)