CVE-2017-20198 | P2 | CRITICAL | CVSS 9.3 | PoC | fixed in 1.9.0 | 2025-07-23
CVE-2017-20198 [CRITICAL] CWE-732
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the h
nvd