Vulnerability Details : CVE-2014-6408
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
Products affected by CVE-2014-6408
- cpe:2.3:a:docker:docker:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:docker:docker:1.3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6408
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6408
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-6408
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6408
-
http://www.openwall.com/lists/oss-security/2014/11/24/5
oss-security - Docker 1.3.2 - Security Advisory [24 Nov 2014]
-
https://docs.docker.com/v1.3/release-notes/
Sorry, we can't find that page | Docker DocumentationVendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
[SECURITY] Fedora 21 Update: docker-io-1.3.2-2.fc21
-
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
[security-announce] openSUSE-SU-2014:1596-1: important: Security update
Jump to