Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2014-5282

Published: February 6, 2018Last modified: November 9, 2023

Description

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

Severity score breakdown

ParameterValue
Base score8.1
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactNONE
VectorCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSdockerNot affected (20.10.24-r2)
StreamdockerNot affected (24.0.5-r1)

References

ON THIS PAGE