Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
docker vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to ge...
Jenkins Docker Commons
10
CVSSv2
CVE-2020-29602
The official irssi docker images prior to 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access with a blank passwo...
Irssi Docker Image
6.5
CVSSv2
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and previous versions does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job'...
Jenkins Docker Commons
7.5
CVSSv2
CVE-2020-11710
An issue exists in docker-kong (for Kong) up to and including 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate B...
Konghq Docker-kong
2 Github repositories
NA
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and previous versions does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Do...
Jenkins Docker Swarm
10
CVSSv2
CVE-2020-35466
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote malicious user to achieve root access with a blank password.
Blackfire Blackfire Docker Image
10
CVSSv2
CVE-2020-29564
The official Consul Docker images 0.7.1 up to and including 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote malicious user to achieve root access with a blank password.
Hashicorp Consul Docker Image
4
CVSSv2
CVE-2019-1003065
Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Cloudshare Docker-machine
9.3
CVSSv2
CVE-2021-23732
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.
Quobject Docker-cli-js -
6.8
CVSSv2
CVE-2021-39070
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an malicious user to authenticate as any user on the system. IBM X-Force ID: 215353.
Ibm Security Verify Access 10.0.0
Ibm Security Verify Access 10.0.1.0
Ibm Security Verify Access 10.0.2.0
Ibm Security Verify Access Docker 10.0.0
Ibm Security Verify Access Docker 10.0.1.0
Ibm Security Verify Access Docker 10.0.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »