8 matches found
CVE-2017-20198
The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem / with read/write privileges. When using a malicious Docker image,...
CVE-2017-20198 DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem / with read/write privileges. When using a malicious Docker image,...
CVE-2017-20198 DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem / with read/write privileges. When using a malicious Docker image,...
PT-2025-30583 · Mesosphere +1 · Marathon +2
Name of the Vulnerable Software and Affected Versions: DC/OS versions prior to 1.9.0 Description: The Marathon UI in DC/OS allows unauthenticated users to deploy arbitrary Docker containers. Improper restriction of volume mount configurations allows attackers to deploy a container that mounts the...
DC/OS Marathon UI - Docker (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...
DC/OS Marathon UI Docker Privilege Escalation Exploit
Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing...
DC/OS Marathon UI Docker Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...
DC/OS Marathon UI Docker Exploit
Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing...