CVE-2020-14298

CWE-273 CWE-2716 documents6 sources

Severity

8.8HIGH

EPSS

0.1%

top 67.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform Docker Docker Redhat Enterprise Linux Server

Timeline

PublishedJul 13

Latest updateMay 24

Description

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versi…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/openshift_container_platform3.0 — 3.7.61

▶CVEListV5dockerAffected version is 1.13.1-108.git4ef4b30.el7 shipped in Red Hat Enterprise Linux 7 Extras

▶NVDdocker/docker1.13.1

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-vqjv-866h-qv94: The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the↗2022-05-24

▶

CVEList

CVE-2020-14298: The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the↗2020-07-13

▶

📋Vendor Advisories

Red Hat

docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc↗2020-06-23

▶

Debian

CVE-2020-14298: docker.io - The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA...↗2020

▶

💬Community

Bugzilla

CVE-2020-14298 docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc↗2020-06-18

▶