9263 matches found
CVE-2024-24557
CVE-2024-24557 affects Moby/Docker’s classic builder cache. The risk arises when building from scratch: HEALTHCHECK and ONBUILD changes may not trigger a cache miss, enabling cache poisoning if an attacker knows the Dockerfile. Impact varies by Buildkit usage: 23.0 and earlier are broadly affecte...
CVE-2024-24557 Moby classic builder cache poisoning
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
CVE-2024-24557
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...
Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today...
Exploit for File Descriptor Leak in Linuxfoundation Runc
CVE-2024-21626-POC Instructions For educational/research pu...
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Moby and the Open Container Initiative OCI have released updates for multiple vulnerabilities CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626 affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take...
Exploit for Path Traversal in Jenkins
Jenkins CVE-2024-23897 PoC A proof-of-concept PoC for CVE-2...
PT-2024-20534 · Crafatar · Crafatar
Name of the Vulnerable Software and Affected Versions: Crafatar versions prior to 2.1.5 Description: Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the lib/public/ directory can be requested from the server. Instances running behind...
GHSA-3FWX-PJGW-3558 Moby (Docker Engine) Insufficiently restricted permissions on data directory
Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Impact A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable...
GHSA-QRQR-3X5J-2XW9 Docker Authentication Bypass
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
Docker Authentication Bypass
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...
GHSA-6FJ5-M822-RQX8 moby docker daemon crash during image pull of malicious image
Impact Pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. Credits Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on th...
moby Access to remapped root allows privilege escalation to real root
Impact When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/ that cause writing files with extended privileges. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation fr...
GHSA-7452-XQPJ-6RPC moby Access to remapped root allows privilege escalation to real root
Impact When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/ that cause writing files with extended privileges. Patches Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation fr...
Path Traversal in Moby builder
util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...
GHSA-6HWG-W5JG-9C6X Path Traversal in Moby builder
util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...
GHSA-XR7R-F8XQ-VFVV runc vulnerable to container breakout through process.cwd trickery and leaked fds
Impact In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem "attack 2". Th...
GHSA-M3R6-H7WV-7XXV vulnerabilities
Vulnerabilities for packages: datadog-agent, docker, guac, scorecard, skaffold, trivy, kubescape, zot, buildkitd, kaniko, conftest...
GHSA-4V98-7QMW-RQR8 vulnerabilities
Vulnerabilities for packages: datadog-agent, docker, guac, scorecard, skaffold, trivy, kubescape, zot, buildkitd, kaniko, conftest...