USN-5134-1 docker.io vulnerability

An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry...

Docker 信息泄露漏洞

Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...

PT-2021-7301 · Docker +5 · Docker Cli +5

Name of the Vulnerable Software and Affected Versions: Docker CLI versions prior to 20.10.9 Description: A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. Steps to Reproduce 1...

NixOS Local Elevation of Privilege Vulnerability

NixOS is a distribution of the Linux system. A security vulnerability exists in version 17.03 of NixOS prior to 17.03.887. A local attacker can exploit the vulnerability to gain privileges by executing the docker command...