Lucene search

[email protected]CVE-2016-8867

HistoryOct 28, 2016 - 3:59 p.m.

CVE-2016-8867

2016-10-2815:59:00

CWE-264

[email protected]

web.nvd.nist.gov

docker

engine

cve-2016-8867

misconfigured

ambient capabilities

file access bypass

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.8%

JSON

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

CPENameOperatorVersion
docker:dockerdockereq1.12.2

CPE	Name	Operator	Version
docker:docker	docker	eq	1.12.2

References

www.securityfocus.com/bid/94228

www.securitytracker.com/id/1037203

www.docker.com/docker-cve-database

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for CVE-2016-8867

veracode1 debiancve1 redhatcve1 openvas3 cvelist1 fedora2 prion1 nessus2 oraclelinux1 photon1 redhat1