CVE-2024-29018

CWE-66913 documents8 sources
Severity
7.5HIGH
EPSS
0.4%
top 42.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Moby MobyGithub.com Docker/dockerMobyproject Moby
Timeline
PublishedMar 20
Latest updateFeb 18

Description

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a netwo

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

Gogithub.com/docker/docker26.0.0-rc126.0.0-rc3+4
Debiandocker.io< 26.1.4+dfsg1-9+1
Ubuntudocker.io< 18.09.7-0ubuntu1~16.04.9+esm2+2
Ubuntudocker.io-app< 26.1.3-0ubuntu1~20.04.1+esm1+2
CVEListV5moby/moby< 23.0.11+2

🔴Vulnerability Details

7
OSV
Docker vulnerabilities2025-02-18
OSV
Docker vulnerabilities2024-12-16
OSV
Data exfiltration from internal networks in github.com/docker/docker2024-03-22
GHSA
Moby's external DNS requests from 'internal' networks could lead to data exfiltration2024-03-20
CVEList
External DNS requests from 'internal' networks could lead to data exfiltration2024-03-20

📋Vendor Advisories

5
Ubuntu
Docker vulnerabilities2025-02-18
Ubuntu
Docker vulnerabilities2024-12-16
Red Hat
moby: external DNS requests from 'internal' networks could lead to data exfiltration2024-03-20
Microsoft
External DNS requests from 'internal' networks could lead to data exfiltration2024-03-12
Debian
CVE-2024-29018: docker.io - Moby is an open source container framework that is a key component of Docker Eng...2024
CVE-2024-29018 (HIGH CVSS 7.5) | Moby is an open source container fr | cvebase.io