Lucene search

K
amazonAmazonALAS-2020-1376
HistoryMay 29, 2020 - 9:52 p.m.

Important: docker

2020-05-2921:52:00
alas.aws.amazon.com
32

6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.5%

Issue Overview:

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.(CVE-2020-13401)

Affected Packages:

docker

Issue Correction:
Run yum update docker to update your system.

New Packages:

src:  
    docker-19.03.6ce-4.58.amzn1.src  
  
x86_64:  
    docker-19.03.6ce-4.58.amzn1.x86_64  
    docker-debuginfo-19.03.6ce-4.58.amzn1.x86_64  

Additional References

Red Hat: CVE-2020-13401

Mitre: CVE-2020-13401

6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.5%