Lucene search
UbuntuUSN-4048-1HistoryJul 08, 2019 - 12:00 a.m.
Docker vulnerabilities
2019-07-0800:00:00
ubuntu.com
175
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
74.6%
Releases
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- docker.io - Linux container runtime
Details
Aleksa Sarai discovered that Docker was vulnerable to a directory traversal
attack. An attacker could use this vulnerability to read and write arbitrary
files on the host filesystem as root.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 19.04 | noarch | docker.io | < 18.09.7-0ubuntu1~19.04.4 | UNKNOWN |
| Ubuntu | 19.04 | noarch | docker-doc | < 18.09.7-0ubuntu1~19.04.4 | UNKNOWN |
| Ubuntu | 19.04 | noarch | golang-docker-dev | < 18.09.7-0ubuntu1~19.04.4 | UNKNOWN |
| Ubuntu | 19.04 | noarch | golang-github-docker-docker-dev | < 18.09.7-0ubuntu1~19.04.4 | UNKNOWN |
| Ubuntu | 19.04 | noarch | vim-syntax-docker | < 18.09.7-0ubuntu1~19.04.4 | UNKNOWN |
| Ubuntu | 18.10 | noarch | docker.io | < 18.09.7-0ubuntu1~18.10.3 | UNKNOWN |
| Ubuntu | 18.10 | noarch | docker-doc | < 18.09.7-0ubuntu1~18.10.3 | UNKNOWN |
| Ubuntu | 18.10 | noarch | golang-docker-dev | < 18.09.7-0ubuntu1~18.10.3 | UNKNOWN |
| Ubuntu | 18.10 | noarch | golang-github-docker-docker-dev | < 18.09.7-0ubuntu1~18.10.3 | UNKNOWN |
| Ubuntu | 18.10 | noarch | vim-syntax-docker | < 18.09.7-0ubuntu1~18.10.3 | UNKNOWN |
Related
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Docker vulnerabilities (USN-4048-1)
2019-07-09 00:00:00
openSUSE Security Update : docker (openSUSE-2019-1621)
2019-06-25 00:00:00
SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2019:1562-1)
2019-06-19 00:00:00
openvas
openvas
Ubuntu Update for docker.io USN-4048-1
2019-07-09 00:00:00
openSUSE: Security Advisory for docker (openSUSE-SU-2019:1621-1)
2019-06-26 00:00:00
Fedora Update for moby-engine FEDORA-2019-352d4b9cd8
2019-05-07 00:00:00
oraclelinux
oraclelinux
docker-engine security update
2019-08-19 00:00:00
docker-engine security update
2019-06-13 00:00:00
runc bug fix update
2021-04-28 00:00:00
ibm
ibm
alpinelinux
alpinelinux
CVE-2018-15664
2019-05-23 14:29:00
CVE-2019-5736
2019-02-11 19:29:00
redhat
redhat
(RHSA-2019:1910) Moderate: docker security and bug fix update
2019-07-29 15:59:50
(RHSA-2019:0304) Important: docker security update
2019-02-11 14:26:20
(RHSA-2019:0303) Important: runc security update
2019-02-11 14:24:53
redhatcve
redhatcve
cve
cve
amazon
amazon
Medium: docker
2019-07-17 23:53:00
Important: docker
2019-02-08 22:28:00
suse
suse
Security update for docker (moderate)
2019-06-25 00:00:00
Security update for lxc (moderate)
2019-10-03 00:00:00
Security update for docker-runc (important)
2019-02-27 00:00:00
debiancve
debiancve
pentestit
pentestit
UPDATE: Sysdig Falco v0.15.1
2019-06-10 23:15:46
veracode
veracode
Directory Traversal
2019-05-24 11:10:46
Malicious Container Execution
2019-02-12 02:31:29
Remote Code Execution
2020-06-24 03:08:12
myhack58
myhack58
osv
osv
CVE-2018-15664
2019-05-23 14:29:07
Important: container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
CVE-2019-5736
2019-02-11 19:29:00
prion
prion
Directory traversal
2019-05-23 14:29:00
Design/Logic Flaw
2019-02-11 19:29:00
Design/Logic Flaw
2020-07-13 21:15:00
mscve
mscve
Docker Elevation of Privilege Vulnerability
2019-07-09 07:00:00
ubuntucve
ubuntucve
hackerone
hackerone
Internet Bug Bounty: CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host
2019-02-13 18:50:11
50m-ctf: CTF write-up: c8889970d9fb722066f31e804e351993
2019-03-03 10:08:22
50m-ctf: $50 million CTF Writeup
2019-03-25 02:28:13
impervablog
impervablog
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
2019-03-04 21:00:39
fedora
fedora
[SECURITY] Fedora 29 Update: python3-lxc-3.0.4-1.fc29
2019-09-06 12:59:40
[SECURITY] Fedora 30 Update: lxcfs-3.0.4-1.fc30
2019-09-06 12:35:28
[SECURITY] Fedora 29 Update: moby-engine-18.06.0-2.ce.git0ffa825.fc29
2019-02-19 14:04:24
zdt
zdt
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
2019-02-15 00:00:00
runC < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Exploit
2019-02-12 00:00:00
Docker Container Escape Exploit
2021-07-01 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Docker
2019-06-30 13:42:14
Exploit for OS Command Injection in Docker
2021-07-08 22:46:30
Exploit for OS Command Injection in Docker
2019-12-12 16:57:13
photon
photon
threatpost
threatpost
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
2021-10-26 21:22:26
Major Container Security Flaw Threatens Cascading Attacks
2019-02-12 18:28:41
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
2022-04-19 17:29:49
vmware
vmware
f5
f5
K46421255 : Docker privilege elevation vulnerability CVE-2019-5736
2019-03-01 00:00:00
exploitpack
exploitpack
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2)
2019-02-13 00:00:00
virtuozzo
virtuozzo
mageia
mageia
Updated opencontainers-runc packages fix security vulnerability
2019-02-13 14:08:25
Updated lxc packages fix security vulnerability
2019-02-17 03:31:02
trendmicroblog
trendmicroblog
This Week in Security News: Instagram Hackers and Enterprise Threats
2019-03-01 14:57:50
Attacking Containers and runC
2019-02-12 19:22:35
thn
thn
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
2021-09-10 05:07:00
RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts
2019-02-12 08:59:00
qualysblog
qualysblog
RunC Container Breakout Vulnerability
2019-02-12 15:46:10
archlinux
archlinux
[ASA-201902-6] runc: privilege escalation
2019-02-11 00:00:00
[ASA-201902-20] flatpak: privilege escalation
2019-02-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package runc version 1.0.0-alt7.git0a012df
2019-02-20 00:00:00
Security fix for the ALT Linux 10 package runc version 1.0.0-alt7.git0a012df
2019-02-13 00:00:00
almalinux
almalinux
Important: container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
cbl_mariner
cbl_mariner
CVE-2019-5736 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
kitploit
kitploit
checkpoint_advisories
checkpoint_advisories
runc Container Escape (CVE-2019-5736)
2019-02-14 00:00:00
cisco
cisco
cloudfoundry
cloudfoundry
CVE-2019-5736: runC container breakout | Cloud Foundry
2019-02-13 00:00:00
rocky
rocky
container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
exploitdb
exploitdb
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
2019-02-13 00:00:00
kaspersky
kaspersky
KLA11821 Multiple vulnerabilities in Microsoft Azure
2019-07-09 00:00:00
packetstorm
packetstorm
Docker Container Escape
2021-07-01 00:00:00
metasploit
metasploit
Docker Container Escape Via runC Overwrite
2021-06-30 09:02:11
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-07-02 18:44:54
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
74.6%
Related for USN-4048-1