9275 matches found

NVD
added 2022/05/25 4:15 p.m. · 18 views

CVE-2021-44719

Docker Desktop 4.3.0 has Incorrect Access Control...

CVSS 8.4 · EPSS 0.00262
Exploits 0 · References 3

OSV
added 2022/05/25 4:15 p.m. · 3 views

CVE-2021-44719

Docker Desktop 4.3.0 has Incorrect Access Control...

CVSS 8.4 · AI score 5.4 · EPSS 0.00262
Exploits 0 · References 3

Prion
added 2022/05/25 4:15 p.m. · 12 views

Improper access control

Docker Desktop 4.3.0 has Incorrect Access Control...

CVSS 6.6 · AI score 8.3 · EPSS 0.00262
Exploits 0 · References 3 · Affected Software 1

CVE
added 2022/05/25 3:31 p.m. · 83 views

CVE-2021-44719

Summary: CVE-2021-44719 affects Docker Desktop 4.3.0 with an Incorrect Access Control issue. The vulnerability is described as a local-privilege/host-access problem where a container could access restricted host files, bypassing the allowed sharing rules (per Nessus NASL description for Mac, and ...

CVSS 8.4 · AI score 8.3 · EPSS 0.00262
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/05/25 3:31 p.m. · 16 views

CVE-2021-44719

Docker Desktop 4.3.0 has Incorrect Access Control...

AI score 8.6 · EPSS 0.00262
Exploits 0 · References 3

CNNVD
added 2022/05/25 12:0 a.m. · 5 views

Docker Desktop Security Vulnerability

Docker Desktop is a container-based desktop software for lightweight deployment of applications from Docker, Inc. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on Linux/Windows/Mac OS systems, as we...

CVSS 8.4 · AI score 5.6 · EPSS 0.00262
Exploits 0 · References 4

Positive Technologies
added 2022/05/25 12:0 a.m. · 4 views

PT-2022-12210 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop version 4.3.0 Description: The issue is related to Incorrect Access Control in Docker Desktop. Recommendations: For Docker Desktop version 4.3.0, update to a newer version that contains a fix for this issue...

CVSS 8.4 · AI score 8.2 · EPSS 0.00262
Exploits 0 · References 4

OpenVAS
added 2022/05/25 12:0 a.m. · 21 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2022-1762)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7 · AI score 7.3 · EPSS 0.00457
Exploits 0 · References 2

GitHub Security Blog
added 2022/05/24 8:55 p.m. · 50 views

Server-Side Request Forgery in charm

We've discovered a vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched in https://github.com/charmbracelet/charm/commit/3c90668f955c7ce5ef721e4fc9faee7053232fd3 and is available in...

CVSS 9.8 · AI score 8.8 · EPSS 0.00745
Exploits 0 · References 4 · Affected Software 1

GitHub Security Blog
added 2022/05/24 7:12 p.m. · 22 views

Password stored in plain text by Jenkins Nomad Plugin

Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...

CVSS 5.5 · AI score 5.5 · EPSS 0.003
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/24 7:12 p.m. · 22 views

GHSA-5C2C-CVG6-GHJM Password stored in plain text by Jenkins Nomad Plugin

Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...

CVSS 5.5 · AI score 5.7 · EPSS 0.003
Exploits 0 · References 5

vulnersOsv
added 2022/05/24 5:45 p.m. · 7 views

com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (=0.2.0), org.jenkins-ci.plugins.nodesharing:node-sharing-executor (>=2.0.0 <=2.0.3) +3 more potentially affected by CVE-2021-21631 via org.jenkins-ci.plugins:cloud-stats (>=0.1 <=0.23)

org.jenkins-ci.plugins:cloud-stats MAVEN version =0.1, =2.0.0, =0.4.8, =2.15, =2.6, =2.42 Source cves: CVE-2021-21631 Source advisory: OSV:GHSA-XV69-6RF3-W5G2...

CVSS 4.3 · AI score 5.5 · EPSS 0.00801
Exploits 0

GitHub Security Blog
added 2022/05/24 5:35 p.m. · 25 views

Jenkins Plugin Installation Manager Tool did not verify plugin downloads

Jenkins Plugin Installation Manager Tool is part of the Jenkins project Docker images. As jenkins-plugin-cli it is used to download and install plugins even before Jenkins is running. Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. This may allow third...

CVSS 10 · AI score 8.9 · EPSS 0.00917
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/24 5:35 p.m. · 17 views

GHSA-M8R4-C7JM-W782 Jenkins Plugin Installation Manager Tool did not verify plugin downloads

Jenkins Plugin Installation Manager Tool is part of the Jenkins project Docker images. As jenkins-plugin-cli it is used to download and install plugins even before Jenkins is running. Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. This may allow third...

CVSS 9.8 · AI score 9.4 · EPSS 0.00917
Exploits 0 · References 5

OSV
added 2022/05/24 4:51 p.m. · 25 views

GHSA-V2CV-WWXQ-QQ97 Moby Docker cp broken with debian containers

In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...

CVSS 9.8 · AI score 9.2 · EPSS 0.18828
Exploits 3 · References 11

GitHub Security Blog
added 2022/05/24 4:51 p.m. · 38 views

Moby Docker cp broken with debian containers

In Docker 19.03.x before 19.03.1 linked against the GNU C Library aka glibc, code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container...

CVSS 9.8 · AI score 7.5 · EPSS 0.18828
Exploits 3 · References 11 · Affected Software 1

vulnersOsv
added 2022/05/24 4:50 p.m. · 6 views

com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...

CVSS 6.5 · AI score 6.5 · EPSS 0.01468
Exploits 1

OSV
added 2022/05/24 4:50 p.m. · 29 views

GHSA-J249-GHV5-7MXV Secret insertion into debug log in Docker

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

CVSS 7.5 · AI score 7.5 · EPSS 0.03653
Exploits 0 · References 2

GitHub Security Blog
added 2022/05/24 4:50 p.m. · 28 views

Secret insertion into debug log in Docker

In Docker CE and EE before 18.09.8 as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10, Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes non external secrets. I...

CVSS 7.5 · AI score 6.8 · EPSS 0.03653
Exploits 0 · References 3 · Affected Software 1

GitHub Security Blog
added 2022/05/24 4:50 p.m. · 14 views

Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

CVSS 4.3 · AI score 6.4 · EPSS 0.01361
Exploits 0 · References 5 · Affected Software 1