Impact: Low
Public Date: 2014-12-11
Bugzilla: 1172761: CVE-2014-9356 docker: Path traversal during processing of absolute symlinks
It was found that a malicious container image could overwrite arbitrary portions of the host file system by including absolute symlinks, potentially leading to privilege escalation.
Find out more about CVE-2014-9356 from the MITRE CVE dictionary and NIST NVD.
This issue affects the versions of Docker as shipped with Red Hat Enterprise Linux 7. However, this flaw is not known to be exploitable under any supported scenario. A future update may address this issue.
Red Hat does not support or recommend running untrusted images.
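
For vetting an image before it is loaded, the following added example (not Red Hat's or Docker's code) reads a layer tarball's headers without extracting anything and reports absolute symlinks and members stored beneath a symlink. The `beneath-symlink` rule is a general tar-hygiene assumption rather than a detail from this advisory, and the sample layer and its paths are constructed placeholders.

```python
import io
import posixpath
import tarfile


def audit_layer(fileobj):
    """Return (member, kind, detail) findings for one layer tarball."""
    findings = []
    links = {}  # normalized symlink path -> link target, in archive order
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:  # reads headers only; nothing is extracted
            name = posixpath.normpath(m.name.lstrip("/"))
            parts = name.split("/")
            # A member stored beneath an earlier symlink would be written
            # wherever that link points if the extractor follows it.
            for i in range(1, len(parts)):
                parent = "/".join(parts[:i])
                if parent in links:
                    findings.append((m.name, "beneath-symlink", links[parent]))
                    break
            if m.issym():
                links[name] = m.linkname
                if posixpath.isabs(m.linkname):
                    findings.append((m.name, "absolute-symlink", m.linkname))
    return findings


def constructed_layer():
    """Build a small in-memory layer (constructed sample, placeholder paths)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        plain = tarfile.TarInfo("app/readme.txt")
        plain.size = 2
        tar.addfile(plain, io.BytesIO(b"ok"))
        link = tarfile.TarInfo("app/cache")
        link.type = tarfile.SYMTYPE
        link.linkname = "/placeholder/host/dir"
        tar.addfile(link)
        under = tarfile.TarInfo("app/cache/item")
        under.size = 1
        tar.addfile(under, io.BytesIO(b"x"))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in audit_layer(constructed_layer()):
        print(*finding, sep="\t")
```

Absolute symlinks also occur in legitimate root filesystems, so an `absolute-symlink` finding is a prompt for review, while `beneath-symlink` marks an entry whose destination depends on how the extractor resolves the link.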
Base Score | 5.4 |
---|---|
Base Metrics | AV:N/AC:H/Au:N/C:N/I:C/A:N |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Complete |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 Extras (docker) | RHSA-2015:0623 | 2015-03-05 |