Docker : Security Vulnerabilities, CVEs, (Directory traversal)
In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.
Max CVSS
6.8
EPSS Score
0.05%
Published
2021-02-02
Updated
2022-04-29
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
Max CVSS
5.3
EPSS Score
0.14%
Published
2020-12-30
Updated
2021-01-05
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Max CVSS
7.5
EPSS Score
0.07%
Published
2019-05-23
Updated
2019-06-25
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Max CVSS
6.4
EPSS Score
0.27%
Published
2014-12-16
Updated
2018-10-09
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
Max CVSS
8.6
EPSS Score
0.16%
Published
2019-12-02
Updated
2019-12-11
5 vulnerabilities found