CVSS3: 8.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 19.1%

The docker packages version docker-1.13.1-108.git4ef4b30.el7, as released
for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053
(https://access.redhat.com/errata/RHBA-2020:0053), included an incorrect
version of runc that was missing multiple bug and security fixes. One of
the fixes regressed in that update was the fix for CVE-2016-9962, which was
previously corrected in the docker packages in Red Hat Enterprise Linux 7
Extras via RHSA-2017:0116
(https://access.redhat.com/errata/RHSA-2017:0116). CVE-2020-14300 was
assigned to this security regression, and it is specific to the docker
packages produced by Red Hat. The original issue, CVE-2016-9962, could
possibly allow a process inside a container to compromise a process entering
the container namespace and execute arbitrary code outside of the container.
This could lead to compromise of the container host or other containers
running on the same container host. This issue only affects a single
version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise
Linux 7. Both earlier and later versions are not affected.