2 matches found
CVE-2017-20198 DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem / with read/write privileges. When using a malicious Docker image,...
DC/OS Marathon UI - Docker (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...