Published: 02/12/2019 Updated: 11/12/2019

CVSS v2 Base Score: 8.5 | Impact Score: 7.8 | Exploitability Score: 10

CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9

VMScore: 756

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:P

Path traversal vulnerability in Docker prior to 1.3.3 allows remote malicious users to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

Vulnerable Product	Search on Vulmon	Subscribe to Product
docker docker

Debian Bug report logs - #772909 dockerio: CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 Package: src:dockerio; Maintainer for src:dockerio is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 12 Dec 2014 05:45:02 UTC Severity: grave Tags: fixed-upstream, security, u ...

Path traversal attacks are possible in the processing of absolute symlinks In checking symlinks for traversals, only relative links were considered This allowed path traversals to exist where they should have otherwise been prevented This was exploitable via both archive extraction and through volume mounts This vulnerability allowed malicious ...

Impact: Low Public Date: 2014-12-11 Bugzilla: 1172761: CVE-2014-9356 docker: Path traversal during proce ...

CWE-22 http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded https://bugzilla.redhat.com/show_bug.cgi?id=1172761 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2014-461.html

CVE-2014-9356

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect