9275 matches found
CVE-2021-44719
Docker Desktop 4.3.0 has Incorrect Access Control...
Improper access control
Docker Desktop 4.3.0 has Incorrect Access Control...
CVE-2021-44719
Summary: CVE-2021-44719 affects Docker Desktop 4.3.0 with an Incorrect Access Control issue. The vulnerability is described as a local-privilege/host-access problem where a container could access restricted host files, bypassing the allowed sharing rules (per Nessus NASL description for Mac, and ...
Docker Desktop Security Vulnerability
Docker Desktop is a container-based desktop software for lightweight deployment of applications from Docker, Inc. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on Linux/Windows/Mac OS systems, as we...
PT-2022-12210 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop version 4.3.0 Description: The issue is related to Incorrect Access Control in Docker Desktop. Recommendations: For Docker Desktop version 4.3.0, update to a newer version that contains a fix for this issue...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-1762)
The remote host is missing an update for the Huawei EulerOS...
Server-Side Request Forgery in charm
We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...
Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
GHSA-5C2C-CVG6-GHJM Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (=0.2.0), org.jenkins-ci.plugins.nodesharing:node-sharing-executor (>=2.0.0 <=2.0.3) +3 more potentially affected by CVE-2021-21631 via org.jenkins-ci.plugins:cloud-stats (>=0.1 <=0.23)
org.jenkins-ci.plugins:cloud-stats MAVEN version =0.1, =2.0.0, =0.4.8, =2.15, =2.6, =2.42 Source cves: CVE-2021-21631 Source advisory: OSV:GHSA-XV69-6RF3-W5G2...
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Jenkins Plugin Installation Manager Tool is part of the Jenkins project Docker images. As jenkins-plugin-cli it is used to download and install plugins even before Jenkins is running. Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. This may allow third...
GHSA-M8R4-C7JM-W782 Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Jenkins Plugin Installation Manager Tool is part of the Jenkins project Docker images. As jenkins-plugin-cli it is used to download and install plugins even before Jenkins is running. Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. This may allow third...
GHSA-V2CV-WWXQ-QQ97 Moby Docker cp broken with debian containers
In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...
Moby Docker cp broken with debian containers
In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...
GHSA-J249-GHV5-7MXV Secret insertion into debug log in Docker
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
Secret insertion into debug log in Docker
In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...
Missing permission check in Jenkins Docker Plugin
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...