Veracode Vulnerability DatabaseVERACODE:22190Image Cache Poisoning
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
github.com/moby/moby is vulnerable to image cache poisoning. The vulnerability exists as the image layers were not globally unique, allowing for unintended images to be uploaded or downloaded.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/moby/moby | eq | HEAD | |
| github.com/moby/moby | le | 1.8.2 | |
| github.com/moby/moby | eq | HEAD | |
| github.com/moby/moby | le | 1.8.2 |
References
lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html
lists.opensuse.org/opensuse-updates/2015-10/msg00036.html
github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12
github.com/moby/moby/commit/9098628b2901ae8585ba4c66ee6e14759d2119da
groups.google.com/forum/#!msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ
groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ
www.docker.com/legal/docker-cve-database
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N