CVE-2020-13401 — Improper Input Validation in Docker Docker-ce

CWE-20 — Improper Input Validation CWE-300 — Channel Accessible by Non-Endpoint9 documents8 sources

Severity

6.0MEDIUMNVD

EPSS

12.9%

top 5.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Docker Docker-ce Docker Engine Debian Linux +1 more

Timeline

PublishedJun 2

Latest updateJun 7

Description

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.7

Affected Packages2 packages

▶NVDdocker/engine< 19.03.11

▶Gogithub.com/docker_docker-ce< 19.03.11

Also affects: Debian Linux 10.0, Fedora 31, 32

🔴Vulnerability Details

OSV

Improper Input Validation in Docker Engine↗2022-02-15

▶

GHSA

Improper Input Validation in Docker Engine↗2022-02-15

▶

OSV

CVE-2020-13401: An issue was discovered in Docker Engine before 19↗2020-06-02

▶

CVEList

CVE-2020-13401: An issue was discovered in Docker Engine before 19↗2020-06-02

▶

📋Vendor Advisories

Red Hat

docker: IPv6 router advertisements allow for MitM attacks↗2020-06-01

▶

Debian

CVE-2020-13401: docker.io - An issue was discovered in Docker Engine before 19.03.11. An attacker in a conta...↗2020

▶

📄Research Papers

arXiv

Towards a Security Stress-Test for Cloud Configurations↗2022-06-07

▶

💬Community

Bugzilla

CVE-2020-13401 docker: IPv6 router advertisements allow for MitM attacks↗2020-05-08

▶