Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%2B1
Type deb
Namespace debian
Name docker.io
Version 1.6.2~dfsg1-1~bpo8+1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 20.10.24+dfsg1-1
Latest_non_vulnerable_version 26.1.5+dfsg1-9
Affected_by_vulnerabilities
0
url VCID-165g-hgmx-nybk
vulnerability_id VCID-165g-hgmx-nybk
summary
Information Exposure in RunC
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-0116.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0116.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2017-0123.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0123.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2017-0127.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0127.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9962.json
4
reference_url https://access.redhat.com/security/vulnerabilities/cve-2016-9962
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/vulnerabilities/cve-2016-9962
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9962
reference_id
reference_type
scores
0
value 0.00127
scoring_system epss
scoring_elements 0.32067
published_at 2026-04-07T12:55:00Z
1
value 0.00127
scoring_system epss
scoring_elements 0.32242
published_at 2026-04-04T12:55:00Z
2
value 0.00127
scoring_system epss
scoring_elements 0.32205
published_at 2026-04-02T12:55:00Z
3
value 0.00127
scoring_system epss
scoring_elements 0.32078
published_at 2026-04-01T12:55:00Z
4
value 0.00127
scoring_system epss
scoring_elements 0.32063
published_at 2026-04-21T12:55:00Z
5
value 0.00127
scoring_system epss
scoring_elements 0.32079
published_at 2026-04-13T12:55:00Z
6
value 0.00127
scoring_system epss
scoring_elements 0.3211
published_at 2026-04-12T12:55:00Z
7
value 0.00127
scoring_system epss
scoring_elements 0.32149
published_at 2026-04-11T12:55:00Z
8
value 0.00127
scoring_system epss
scoring_elements 0.32144
published_at 2026-04-09T12:55:00Z
9
value 0.00127
scoring_system epss
scoring_elements 0.32117
published_at 2026-04-08T12:55:00Z
10
value 0.00127
scoring_system epss
scoring_elements 0.3209
published_at 2026-04-18T12:55:00Z
11
value 0.00127
scoring_system epss
scoring_elements 0.32112
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9962
6
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9962
8
reference_url http://seclists.org/fulldisclosure/2017/Jan/21
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2017/Jan/21
9
reference_url http://seclists.org/fulldisclosure/2017/Jan/29
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2017/Jan/29
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:S/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/docker/docker/releases/tag/v1.12.6
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/docker/releases/tag/v1.12.6
12
reference_url https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
13
reference_url https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9962
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9962
19
reference_url https://security.gentoo.org/glsa/201701-34
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-34
20
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9962
21
reference_url http://www.securityfocus.com/archive/1/540001/100/0/threaded
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/540001/100/0/threaded
22
reference_url http://www.securityfocus.com/bid/95361
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/95361
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1409531
reference_id 1409531
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1409531
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951
reference_id 850951
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850951
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952
reference_id 850952
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850952
26
reference_url https://security.archlinux.org/ASA-201701-19
reference_id ASA-201701-19
reference_type
scores
url https://security.archlinux.org/ASA-201701-19
27
reference_url https://security.archlinux.org/ASA-201805-11
reference_id ASA-201805-11
reference_type
scores
url https://security.archlinux.org/ASA-201805-11
28
reference_url https://security.archlinux.org/AVG-133
reference_id AVG-133
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-133
29
reference_url https://security.archlinux.org/AVG-134
reference_id AVG-134
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-134
30
reference_url https://access.redhat.com/errata/RHSA-2017:0116
reference_id RHSA-2017:0116
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0116
31
reference_url https://access.redhat.com/errata/RHSA-2017:0123
reference_id RHSA-2017:0123
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0123
32
reference_url https://access.redhat.com/errata/RHSA-2017:0127
reference_id RHSA-2017:0127
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0127
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2016-9962, GHSA-gp4j-w3vj-7299
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-165g-hgmx-nybk
1
url VCID-3eju-5upk-auhy
vulnerability_id VCID-3eju-5upk-auhy
summary
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
## Impact
A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.

## Patches
This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

## Workarounds
Ensure you only run trusted containers.

## Credits
The Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

## For more information
If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41089
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08744
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08592
published_at 2026-04-18T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08605
published_at 2026-04-16T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08679
published_at 2026-04-02T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.0873
published_at 2026-04-12T12:55:00Z
5
value 0.00031
scoring_system epss
scoring_elements 0.08753
published_at 2026-04-11T12:55:00Z
6
value 0.00031
scoring_system epss
scoring_elements 0.08752
published_at 2026-04-09T12:55:00Z
7
value 0.00031
scoring_system epss
scoring_elements 0.08728
published_at 2026-04-08T12:55:00Z
8
value 0.00031
scoring_system epss
scoring_elements 0.08651
published_at 2026-04-07T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08652
published_at 2026-04-01T12:55:00Z
10
value 0.00031
scoring_system epss
scoring_elements 0.08727
published_at 2026-04-04T12:55:00Z
11
value 0.00031
scoring_system epss
scoring_elements 0.08715
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41089
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41089
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41089
11
reference_url https://pkg.go.dev/vuln/GO-2024-2913
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2024-2913
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2008592
reference_id 2008592
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2008592
13
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
14
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
15
reference_url https://usn.ubuntu.com/5103-1/
reference_id USN-5103-1
reference_type
scores
url https://usn.ubuntu.com/5103-1/
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6tg9-3vhh-muae
3
vulnerability VCID-8e1u-z6kg-ryhc
4
vulnerability VCID-avqu-wswg-c3ga
5
vulnerability VCID-b2qe-8u58-2qck
6
vulnerability VCID-bzeb-kj67-vfds
7
vulnerability VCID-e82r-vc77-f7bz
8
vulnerability VCID-njcw-wc13-dqcz
9
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2
aliases CVE-2021-41089, GHSA-v994-f8vw-g7j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy
2
url VCID-41ft-14gt-bbbq
vulnerability_id VCID-41ft-14gt-bbbq
summary
Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.

### Impact

Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.


A security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.

Docker EE v19.03.x and all versions of Mirantis Container Runtime **are not vulnerable.**

### Vulnerability details

- **AuthZ bypass and privilege escalation:** An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly.
- **Initial fix:** The issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019.
- **Regression:** The fix was not included in Docker Engine v19.03 or newer versions. This was identified in April 2024 and patches were released for the affected versions on July 23, 2024. The issue was assigned [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110).

### Patches

- docker-ce v27.1.1 contains patches to fix the vulnerability.
- Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.

### Remediation steps

- If you are running an affected version, update to the most recent patched version.
- Mitigation if unable to update immediately:
    - Avoid using AuthZ plugins.
    - Restrict access to the Docker API to trusted parties, following the principle of least privilege.


### References

- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41110
reference_id
reference_type
scores
0
value 0.03417
scoring_system epss
scoring_elements 0.87459
published_at 2026-04-21T12:55:00Z
1
value 0.04028
scoring_system epss
scoring_elements 0.88501
published_at 2026-04-16T12:55:00Z
2
value 0.04028
scoring_system epss
scoring_elements 0.88486
published_at 2026-04-13T12:55:00Z
3
value 0.04028
scoring_system epss
scoring_elements 0.88487
published_at 2026-04-12T12:55:00Z
4
value 0.04028
scoring_system epss
scoring_elements 0.88484
published_at 2026-04-09T12:55:00Z
5
value 0.04028
scoring_system epss
scoring_elements 0.88497
published_at 2026-04-18T12:55:00Z
6
value 0.04028
scoring_system epss
scoring_elements 0.88494
published_at 2026-04-11T12:55:00Z
7
value 0.04028
scoring_system epss
scoring_elements 0.8844
published_at 2026-04-02T12:55:00Z
8
value 0.04028
scoring_system epss
scoring_elements 0.88455
published_at 2026-04-04T12:55:00Z
9
value 0.04028
scoring_system epss
scoring_elements 0.88459
published_at 2026-04-07T12:55:00Z
10
value 0.04028
scoring_system epss
scoring_elements 0.88478
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41110
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
5
reference_url https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
6
reference_url https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
7
reference_url https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
8
reference_url https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
9
reference_url https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
10
reference_url https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
11
reference_url https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
12
reference_url https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
13
reference_url https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
14
reference_url https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
15
reference_url https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41110
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41110
17
reference_url https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2299720
reference_id 2299720
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2299720
19
reference_url https://access.redhat.com/errata/RHSA-2025:3714
reference_id RHSA-2025:3714
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3714
20
reference_url https://usn.ubuntu.com/7161-1/
reference_id USN-7161-1
reference_type
scores
url https://usn.ubuntu.com/7161-1/
21
reference_url https://usn.ubuntu.com/7161-2/
reference_id USN-7161-2
reference_type
scores
url https://usn.ubuntu.com/7161-2/
22
reference_url https://usn.ubuntu.com/7161-3/
reference_id USN-7161-3
reference_type
scores
url https://usn.ubuntu.com/7161-3/
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1
aliases CVE-2024-41110, GHSA-v23v-6jw2-98fq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41ft-14gt-bbbq
3
url VCID-43es-2d6x-jba8
vulnerability_id VCID-43es-2d6x-jba8
summary docker: container breakout without selinux in enforcing mode
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
1
reference_url https://access.redhat.com/errata/RHBA-2018:2796
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2018:2796
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10892.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10892
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.30061
published_at 2026-04-01T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29916
published_at 2026-04-21T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.30016
published_at 2026-04-12T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.29967
published_at 2026-04-13T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.29982
published_at 2026-04-16T12:55:00Z
5
value 0.00114
scoring_system epss
scoring_elements 0.29962
published_at 2026-04-18T12:55:00Z
6
value 0.00114
scoring_system epss
scoring_elements 0.30098
published_at 2026-04-02T12:55:00Z
7
value 0.00114
scoring_system epss
scoring_elements 0.30147
published_at 2026-04-04T12:55:00Z
8
value 0.00114
scoring_system epss
scoring_elements 0.2996
published_at 2026-04-07T12:55:00Z
9
value 0.00114
scoring_system epss
scoring_elements 0.3002
published_at 2026-04-08T12:55:00Z
10
value 0.00114
scoring_system epss
scoring_elements 0.30056
published_at 2026-04-09T12:55:00Z
11
value 0.00114
scoring_system epss
scoring_elements 0.3006
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10892
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10892
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/moby/moby/pull/37404
reference_id
reference_type
scores
url https://github.com/moby/moby/pull/37404
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1598581
reference_id 1598581
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1598581
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057
reference_id 908057
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908057
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*
reference_id cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*
reference_id cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10892
reference_id CVE-2018-10892
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-10892
19
reference_url https://access.redhat.com/errata/RHSA-2018:2482
reference_id RHSA-2018:2482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2482
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2018-10892
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43es-2d6x-jba8
4
url VCID-6vru-hsfs-rufg
vulnerability_id VCID-6vru-hsfs-rufg
summary
Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15257
reference_id
reference_type
scores
0
value 0.11147
scoring_system epss
scoring_elements 0.93475
published_at 2026-04-13T12:55:00Z
1
value 0.11147
scoring_system epss
scoring_elements 0.93501
published_at 2026-04-18T12:55:00Z
2
value 0.11147
scoring_system epss
scoring_elements 0.93495
published_at 2026-04-16T12:55:00Z
3
value 0.11147
scoring_system epss
scoring_elements 0.93442
published_at 2026-04-01T12:55:00Z
4
value 0.11147
scoring_system epss
scoring_elements 0.9345
published_at 2026-04-02T12:55:00Z
5
value 0.11147
scoring_system epss
scoring_elements 0.93458
published_at 2026-04-07T12:55:00Z
6
value 0.11147
scoring_system epss
scoring_elements 0.93466
published_at 2026-04-08T12:55:00Z
7
value 0.11147
scoring_system epss
scoring_elements 0.9347
published_at 2026-04-09T12:55:00Z
8
value 0.11997
scoring_system epss
scoring_elements 0.93802
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15257
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad
8
reference_url https://github.com/containerd/containerd/releases/tag/v1.4.3
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.4.3
9
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15257
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15257
12
reference_url https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again
13
reference_url https://security.gentoo.org/glsa/202105-33
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202105-33
14
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1899487
reference_id 1899487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1899487
16
reference_url https://security.archlinux.org/ASA-202012-8
reference_id ASA-202012-8
reference_type
scores
url https://security.archlinux.org/ASA-202012-8
17
reference_url https://security.archlinux.org/AVG-1309
reference_id AVG-1309
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1309
18
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
19
reference_url https://usn.ubuntu.com/4653-1/
reference_id USN-4653-1
reference_type
scores
url https://usn.ubuntu.com/4653-1/
20
reference_url https://usn.ubuntu.com/4653-2/
reference_id USN-4653-2
reference_type
scores
url https://usn.ubuntu.com/4653-2/
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2020-15257, GHSA-36xw-fx78-c5r4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg
5
url VCID-ahbf-gwnw-nufp
vulnerability_id VCID-ahbf-gwnw-nufp
summary
Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16539.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16539
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.63406
published_at 2026-04-21T12:55:00Z
1
value 0.00444
scoring_system epss
scoring_elements 0.63427
published_at 2026-04-18T12:55:00Z
2
value 0.00444
scoring_system epss
scoring_elements 0.6342
published_at 2026-04-16T12:55:00Z
3
value 0.00444
scoring_system epss
scoring_elements 0.63385
published_at 2026-04-13T12:55:00Z
4
value 0.00444
scoring_system epss
scoring_elements 0.63438
published_at 2026-04-11T12:55:00Z
5
value 0.00444
scoring_system epss
scoring_elements 0.63421
published_at 2026-04-12T12:55:00Z
6
value 0.00444
scoring_system epss
scoring_elements 0.63403
published_at 2026-04-08T12:55:00Z
7
value 0.00444
scoring_system epss
scoring_elements 0.63351
published_at 2026-04-07T12:55:00Z
8
value 0.00444
scoring_system epss
scoring_elements 0.63386
published_at 2026-04-04T12:55:00Z
9
value 0.00444
scoring_system epss
scoring_elements 0.63359
published_at 2026-04-02T12:55:00Z
10
value 0.00444
scoring_system epss
scoring_elements 0.63298
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16539
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16539
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:P/A:P
1
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
5
reference_url https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
6
reference_url https://github.com/moby/moby/pull/35399
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://github.com/moby/moby/pull/35399
7
reference_url https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
8
reference_url https://marc.info/?l=linux-scsi&m=150985062200941&w=2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://marc.info/?l=linux-scsi&m=150985062200941&w=2
9
reference_url https://marc.info/?l=linux-scsi&m=150985455801444&w=2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://marc.info/?l=linux-scsi&m=150985455801444&w=2
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16539
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16539
11
reference_url https://twitter.com/ewindisch/status/926443521820774401
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T15:10:20Z/
url https://twitter.com/ewindisch/status/926443521820774401
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1516205
reference_id 1516205
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1516205
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140
reference_id 900140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900140
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2017-16539, GHSA-vfjc-2qcw-j95j
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahbf-gwnw-nufp
6
url VCID-bhju-575k-ebh3
vulnerability_id VCID-bhju-575k-ebh3
summary
Docker CLI leaks private registry credentials to registry-1.docker.io
## Impact

A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.

## Patches

This bug has been fixed in Docker CLI 20.10.9.  Users should update to this version as soon as possible.

## Workarounds

Ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.

## For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/docker/cli/issues/new/choose)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41092
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.22948
published_at 2026-04-21T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.22923
published_at 2026-04-01T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23089
published_at 2026-04-02T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23134
published_at 2026-04-04T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.22925
published_at 2026-04-07T12:55:00Z
5
value 0.00077
scoring_system epss
scoring_elements 0.22998
published_at 2026-04-08T12:55:00Z
6
value 0.00077
scoring_system epss
scoring_elements 0.2305
published_at 2026-04-09T12:55:00Z
7
value 0.00077
scoring_system epss
scoring_elements 0.2307
published_at 2026-04-11T12:55:00Z
8
value 0.00077
scoring_system epss
scoring_elements 0.23034
published_at 2026-04-12T12:55:00Z
9
value 0.00077
scoring_system epss
scoring_elements 0.22977
published_at 2026-04-13T12:55:00Z
10
value 0.00077
scoring_system epss
scoring_elements 0.22991
published_at 2026-04-16T12:55:00Z
11
value 0.00077
scoring_system epss
scoring_elements 0.22984
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41092
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
6
reference_url https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41092
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41092
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023449
reference_id 2023449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023449
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292
reference_id 998292
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292
12
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
13
reference_url https://usn.ubuntu.com/5134-1/
reference_id USN-5134-1
reference_type
scores
url https://usn.ubuntu.com/5134-1/
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6tg9-3vhh-muae
3
vulnerability VCID-8e1u-z6kg-ryhc
4
vulnerability VCID-avqu-wswg-c3ga
5
vulnerability VCID-b2qe-8u58-2qck
6
vulnerability VCID-bzeb-kj67-vfds
7
vulnerability VCID-e82r-vc77-f7bz
8
vulnerability VCID-njcw-wc13-dqcz
9
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2
aliases CVE-2021-41092, GHSA-99pg-grm5-qq3v
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3
7
url VCID-e6sp-khpk-r3d8
vulnerability_id VCID-e6sp-khpk-r3d8
summary docker: Manifest validation and parsing logic errors allow pull-by-digest validation bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8179.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8179
reference_id
reference_type
scores
0
value 0.01596
scoring_system epss
scoring_elements 0.8161
published_at 2026-04-01T12:55:00Z
1
value 0.01596
scoring_system epss
scoring_elements 0.81622
published_at 2026-04-02T12:55:00Z
2
value 0.01596
scoring_system epss
scoring_elements 0.81643
published_at 2026-04-04T12:55:00Z
3
value 0.01596
scoring_system epss
scoring_elements 0.8164
published_at 2026-04-07T12:55:00Z
4
value 0.01596
scoring_system epss
scoring_elements 0.81668
published_at 2026-04-08T12:55:00Z
5
value 0.01596
scoring_system epss
scoring_elements 0.81672
published_at 2026-04-09T12:55:00Z
6
value 0.01596
scoring_system epss
scoring_elements 0.81692
published_at 2026-04-11T12:55:00Z
7
value 0.01596
scoring_system epss
scoring_elements 0.8168
published_at 2026-04-12T12:55:00Z
8
value 0.01596
scoring_system epss
scoring_elements 0.81673
published_at 2026-04-13T12:55:00Z
9
value 0.01596
scoring_system epss
scoring_elements 0.81712
published_at 2026-04-18T12:55:00Z
10
value 0.01596
scoring_system epss
scoring_elements 0.81715
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8179
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8179
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1271256
reference_id 1271256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1271256
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2014-8179
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6sp-khpk-r3d8
8
url VCID-e9ng-x516-53cf
vulnerability_id VCID-e9ng-x516-53cf
summary
Moby (Docker Engine) Insufficiently restricted permissions on data directory
## Impact

A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.  When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs.  When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

## Patches

This bug has been fixed in Moby (Docker Engine) 20.10.9.  Users should update to this version as soon as possible.  Running containers should be stopped and restarted for the permissions to be fixed.

## Workarounds

Limit access to the host to trusted users.  Limit access to host volumes to trusted containers.

## Credits

The Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

## For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41091
reference_id
reference_type
scores
0
value 0.04746
scoring_system epss
scoring_elements 0.89438
published_at 2026-04-21T12:55:00Z
1
value 0.04746
scoring_system epss
scoring_elements 0.8943
published_at 2026-04-11T12:55:00Z
2
value 0.04746
scoring_system epss
scoring_elements 0.89429
published_at 2026-04-12T12:55:00Z
3
value 0.04746
scoring_system epss
scoring_elements 0.89424
published_at 2026-04-13T12:55:00Z
4
value 0.04746
scoring_system epss
scoring_elements 0.8944
published_at 2026-04-16T12:55:00Z
5
value 0.04746
scoring_system epss
scoring_elements 0.89441
published_at 2026-04-18T12:55:00Z
6
value 0.0558
scoring_system epss
scoring_elements 0.90259
published_at 2026-04-02T12:55:00Z
7
value 0.0558
scoring_system epss
scoring_elements 0.90298
published_at 2026-04-09T12:55:00Z
8
value 0.0558
scoring_system epss
scoring_elements 0.90291
published_at 2026-04-08T12:55:00Z
9
value 0.0558
scoring_system epss
scoring_elements 0.90276
published_at 2026-04-07T12:55:00Z
10
value 0.0558
scoring_system epss
scoring_elements 0.90256
published_at 2026-04-01T12:55:00Z
11
value 0.0558
scoring_system epss
scoring_elements 0.90272
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41091
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41091
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41091
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023448
reference_id 2023448
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023448
12
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
13
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6tg9-3vhh-muae
3
vulnerability VCID-8e1u-z6kg-ryhc
4
vulnerability VCID-avqu-wswg-c3ga
5
vulnerability VCID-b2qe-8u58-2qck
6
vulnerability VCID-bzeb-kj67-vfds
7
vulnerability VCID-e82r-vc77-f7bz
8
vulnerability VCID-njcw-wc13-dqcz
9
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2
aliases CVE-2021-41091, GHSA-3fwx-pjgw-3558
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf
9
url VCID-eb24-pguf-ryg1
vulnerability_id VCID-eb24-pguf-ryg1
summary
tar-split memory exhaustion
Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a denial of service via a crafted image layer payload, aka gzip bombing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14992.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14992
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56151
published_at 2026-04-21T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56175
published_at 2026-04-09T12:55:00Z
2
value 0.00333
scoring_system epss
scoring_elements 0.56182
published_at 2026-04-18T12:55:00Z
3
value 0.00333
scoring_system epss
scoring_elements 0.5618
published_at 2026-04-16T12:55:00Z
4
value 0.00333
scoring_system epss
scoring_elements 0.5601
published_at 2026-04-01T12:55:00Z
5
value 0.00333
scoring_system epss
scoring_elements 0.56146
published_at 2026-04-13T12:55:00Z
6
value 0.00333
scoring_system epss
scoring_elements 0.56162
published_at 2026-04-12T12:55:00Z
7
value 0.00333
scoring_system epss
scoring_elements 0.5612
published_at 2026-04-02T12:55:00Z
8
value 0.00333
scoring_system epss
scoring_elements 0.5614
published_at 2026-04-04T12:55:00Z
9
value 0.00333
scoring_system epss
scoring_elements 0.56119
published_at 2026-04-07T12:55:00Z
10
value 0.00333
scoring_system epss
scoring_elements 0.5617
published_at 2026-04-08T12:55:00Z
11
value 0.00333
scoring_system epss
scoring_elements 0.56186
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14992
2
reference_url https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/
reference_id
reference_type
scores
url https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14992
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:N/A:C
1
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby/issues/35075
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/issues/35075
6
reference_url https://github.com/vbatts/tar-split
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vbatts/tar-split
7
reference_url https://github.com/vbatts/tar-split/pull/42
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vbatts/tar-split/pull/42
8
reference_url https://github.com/vbatts/tar-split/releases/tag/v0.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vbatts/tar-split/releases/tag/v0.10.2
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14992
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14992
10
reference_url https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20171119174639/https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1510348
reference_id 1510348
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1510348
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055
reference_id 908055
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908055
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056
reference_id 908056
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908056
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.12.6-0:*:*:*:community:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.1:*:*:*:community:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.03.2:*:*:*:community:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.0:*:*:*:community:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.1:*:*:*:community:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.06.2:*:*:*:community:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:17.09.0:*:*:*:community:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*
reference_id cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2017-14992, GHSA-hqwh-8xv9-42hw
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb24-pguf-ryg1
10
url VCID-f6d3-yyvz-xqgs
vulnerability_id VCID-f6d3-yyvz-xqgs
summary docker: Memory exhaustion via large integer used with --cpuset-mems or --cpuset-cpus
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20699
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22812
published_at 2026-04-01T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22837
published_at 2026-04-21T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22867
published_at 2026-04-13T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22882
published_at 2026-04-16T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22876
published_at 2026-04-18T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22981
published_at 2026-04-02T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.23025
published_at 2026-04-04T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22816
published_at 2026-04-07T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.2289
published_at 2026-04-08T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22942
published_at 2026-04-09T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22961
published_at 2026-04-11T12:55:00Z
11
value 0.00076
scoring_system epss
scoring_elements 0.22924
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20699
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20699
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/docker/engine/pull/70
reference_id
reference_type
scores
url https://github.com/docker/engine/pull/70
5
reference_url https://github.com/moby/moby/pull/37967
reference_id
reference_type
scores
url https://github.com/moby/moby/pull/37967
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1666565
reference_id 1666565
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1666565
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20699
reference_id CVE-2018-20699
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2018-20699
10
reference_url https://access.redhat.com/errata/RHSA-2019:0487
reference_id RHSA-2019:0487
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0487
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2018-20699
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f6d3-yyvz-xqgs
11
url VCID-gbw6-3a59-mbhu
vulnerability_id VCID-gbw6-3a59-mbhu
summary
containerd v1.2.x can be coerced into leaking credentials during image pull
## Impact

If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.

If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.

The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.

This vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.

## Patches

This vulnerability has been fixed in containerd 1.2.14.  containerd 1.3 and later are not affected.

## Workarounds

If you are using containerd 1.3 or later, you are not affected.  If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.  Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.

## Credits

The containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15157
reference_id
reference_type
scores
0
value 0.00777
scoring_system epss
scoring_elements 0.73669
published_at 2026-04-16T12:55:00Z
1
value 0.00777
scoring_system epss
scoring_elements 0.73678
published_at 2026-04-18T12:55:00Z
2
value 0.00777
scoring_system epss
scoring_elements 0.73575
published_at 2026-04-01T12:55:00Z
3
value 0.00777
scoring_system epss
scoring_elements 0.73584
published_at 2026-04-02T12:55:00Z
4
value 0.00777
scoring_system epss
scoring_elements 0.73608
published_at 2026-04-04T12:55:00Z
5
value 0.00777
scoring_system epss
scoring_elements 0.7358
published_at 2026-04-07T12:55:00Z
6
value 0.00777
scoring_system epss
scoring_elements 0.73617
published_at 2026-04-08T12:55:00Z
7
value 0.00777
scoring_system epss
scoring_elements 0.73629
published_at 2026-04-09T12:55:00Z
8
value 0.00777
scoring_system epss
scoring_elements 0.73652
published_at 2026-04-11T12:55:00Z
9
value 0.00777
scoring_system epss
scoring_elements 0.73634
published_at 2026-04-12T12:55:00Z
10
value 0.00777
scoring_system epss
scoring_elements 0.73625
published_at 2026-04-13T12:55:00Z
11
value 0.00846
scoring_system epss
scoring_elements 0.74851
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15157
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://darkbit.io/blog/cve-2020-15157-containerdrip
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://darkbit.io/blog/cve-2020-15157-containerdrip
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
9
reference_url https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
10
reference_url https://github.com/containerd/containerd/releases/tag/v1.2.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.2.14
11
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15157
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15157
13
reference_url https://usn.ubuntu.com/4589-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4589-1
14
reference_url https://usn.ubuntu.com/4589-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4589-2
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1888248
reference_id 1888248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1888248
17
reference_url https://usn.ubuntu.com/4589-1/
reference_id USN-4589-1
reference_type
scores
url https://usn.ubuntu.com/4589-1/
18
reference_url https://usn.ubuntu.com/4589-2/
reference_id USN-4589-2
reference_type
scores
url https://usn.ubuntu.com/4589-2/
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2020-15157, GHSA-742w-89gc-8m9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu
12
url VCID-gund-83cy-9fap
vulnerability_id VCID-gund-83cy-9fap
summary
moby Access to remapped root allows privilege escalation to real root
### Impact

When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem, they can modify files under `/var/lib/docker/<remapping>` in ways that cause files to be written with extended privileges.

### Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

### Credits

Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it; and Zac Ellis for responsibly disclosing it to security@docker.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21284
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05518
published_at 2026-04-21T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05357
published_at 2026-04-18T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05401
published_at 2026-04-13T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05409
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05422
published_at 2026-04-11T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05448
published_at 2026-04-09T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05426
published_at 2026-04-08T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05392
published_at 2026-04-07T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05384
published_at 2026-04-04T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05354
published_at 2026-04-16T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05312
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21284
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://docs.docker.com/engine/release-notes/#20103
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/#20103
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
9
reference_url https://github.com/moby/moby/releases/tag/v19.03.15
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v19.03.15
10
reference_url https://github.com/moby/moby/releases/tag/v20.10.3
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.3
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21284
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21284
13
reference_url https://security.gentoo.org/glsa/202107-23
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-23
14
reference_url https://security.netapp.com/advisory/ntap-20210226-0005
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0005
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924740
reference_id 1924740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1924740
17
reference_url https://security.archlinux.org/ASA-202102-12
reference_id ASA-202102-12
reference_type
scores
url https://security.archlinux.org/ASA-202102-12
18
reference_url https://security.archlinux.org/AVG-1528
reference_id AVG-1528
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1528
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2021-21284, GHSA-7452-xqpj-6rpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap
13
url VCID-h83p-v26k-s7fa
vulnerability_id VCID-h83p-v26k-s7fa
summary A flaw in Docker allowed possible information leakage.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13401
reference_id
reference_type
scores
0
value 0.1287
scoring_system epss
scoring_elements 0.94067
published_at 2026-04-21T12:55:00Z
1
value 0.1287
scoring_system epss
scoring_elements 0.94007
published_at 2026-04-01T12:55:00Z
2
value 0.1287
scoring_system epss
scoring_elements 0.94017
published_at 2026-04-02T12:55:00Z
3
value 0.1287
scoring_system epss
scoring_elements 0.94027
published_at 2026-04-04T12:55:00Z
4
value 0.1287
scoring_system epss
scoring_elements 0.9403
published_at 2026-04-07T12:55:00Z
5
value 0.1287
scoring_system epss
scoring_elements 0.94039
published_at 2026-04-08T12:55:00Z
6
value 0.1287
scoring_system epss
scoring_elements 0.94043
published_at 2026-04-09T12:55:00Z
7
value 0.1287
scoring_system epss
scoring_elements 0.94047
published_at 2026-04-13T12:55:00Z
8
value 0.1287
scoring_system epss
scoring_elements 0.94063
published_at 2026-04-16T12:55:00Z
9
value 0.1287
scoring_system epss
scoring_elements 0.94068
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13401
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401
4
reference_url https://docs.docker.com/engine/release-notes
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/docker/docker-ce/releases/tag/v19.03.11
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/docker-ce/releases/tag/v19.03.11
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13401
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13401
10
reference_url https://security.netapp.com/advisory/ntap-20200717-0002
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200717-0002
11
reference_url https://www.debian.org/security/2020/dsa-4716
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4716
12
reference_url http://www.openwall.com/lists/oss-security/2020/06/01/5
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/06/01/5
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1833233
reference_id 1833233
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1833233
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141
reference_id 962141
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141
15
reference_url https://security.gentoo.org/glsa/202008-15
reference_id GLSA-202008-15
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202008-15
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2020-13401, GHSA-qrrc-ww9x-r43g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h83p-v26k-s7fa
14
url VCID-pevy-d197-zydv
vulnerability_id VCID-pevy-d197-zydv
summary
Moby Docker cp broken with debian containers
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14271
reference_id
reference_type
scores
0
value 0.72198
scoring_system epss
scoring_elements 0.98752
published_at 2026-04-12T12:55:00Z
1
value 0.72198
scoring_system epss
scoring_elements 0.98749
published_at 2026-04-09T12:55:00Z
2
value 0.72198
scoring_system epss
scoring_elements 0.98748
published_at 2026-04-07T12:55:00Z
3
value 0.72198
scoring_system epss
scoring_elements 0.98745
published_at 2026-04-04T12:55:00Z
4
value 0.72198
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-02T12:55:00Z
5
value 0.72198
scoring_system epss
scoring_elements 0.98741
published_at 2026-04-01T12:55:00Z
6
value 0.72198
scoring_system epss
scoring_elements 0.98756
published_at 2026-04-18T12:55:00Z
7
value 0.72198
scoring_system epss
scoring_elements 0.98754
published_at 2026-04-13T12:55:00Z
8
value 0.72589
scoring_system epss
scoring_elements 0.98774
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
6
reference_url https://docs.docker.com/engine/release-notes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
9
reference_url https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
10
reference_url https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b
11
reference_url https://github.com/moby/moby/issues/39449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/issues/39449
12
reference_url https://github.com/moby/moby/pull/39612
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/pull/39612
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14271
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14271
14
reference_url https://seclists.org/bugtraq/2019/Sep/21
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Sep/21
15
reference_url https://security.netapp.com/advisory/ntap-20190828-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0003
16
reference_url https://www.debian.org/security/2019/dsa-4521
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4521
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1747222
reference_id 1747222
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1747222
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2019-14271, GHSA-v2cv-wwxq-qq97
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pevy-d197-zydv
15
url VCID-qwqe-27yu-8kds
vulnerability_id VCID-qwqe-27yu-8kds
summary
Docker Authentication Bypass
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12608.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12608
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.63657
published_at 2026-04-21T12:55:00Z
1
value 0.0045
scoring_system epss
scoring_elements 0.63547
published_at 2026-04-01T12:55:00Z
2
value 0.0045
scoring_system epss
scoring_elements 0.63607
published_at 2026-04-02T12:55:00Z
3
value 0.0045
scoring_system epss
scoring_elements 0.63634
published_at 2026-04-04T12:55:00Z
4
value 0.0045
scoring_system epss
scoring_elements 0.63593
published_at 2026-04-07T12:55:00Z
5
value 0.0045
scoring_system epss
scoring_elements 0.63645
published_at 2026-04-08T12:55:00Z
6
value 0.0045
scoring_system epss
scoring_elements 0.63661
published_at 2026-04-12T12:55:00Z
7
value 0.0045
scoring_system epss
scoring_elements 0.63676
published_at 2026-04-11T12:55:00Z
8
value 0.0045
scoring_system epss
scoring_elements 0.63627
published_at 2026-04-13T12:55:00Z
9
value 0.0045
scoring_system epss
scoring_elements 0.63664
published_at 2026-04-16T12:55:00Z
10
value 0.0045
scoring_system epss
scoring_elements 0.63673
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12608
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12608
3
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
4
reference_url https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd
5
reference_url https://github.com/moby/moby/issues/33173
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/issues/33173
6
reference_url https://github.com/moby/moby/pull/33182
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/pull/33182
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12608
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12608
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2275812
reference_id 2275812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2275812
9
reference_url https://access.redhat.com/errata/RHSA-2024:5094
reference_id RHSA-2024:5094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5094
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2018-12608, GHSA-qrqr-3x5j-2xw9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwqe-27yu-8kds
16
url VCID-sh5d-p485-6qh4
vulnerability_id VCID-sh5d-p485-6qh4
summary docker: symlink-exchange race attacks in docker cp
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-15664
reference_id
reference_type
scores
0
value 0.06925
scoring_system epss
scoring_elements 0.91363
published_at 2026-04-01T12:55:00Z
1
value 0.06925
scoring_system epss
scoring_elements 0.91434
published_at 2026-04-21T12:55:00Z
2
value 0.06925
scoring_system epss
scoring_elements 0.91437
published_at 2026-04-16T12:55:00Z
3
value 0.06925
scoring_system epss
scoring_elements 0.91433
published_at 2026-04-18T12:55:00Z
4
value 0.06925
scoring_system epss
scoring_elements 0.91368
published_at 2026-04-02T12:55:00Z
5
value 0.06925
scoring_system epss
scoring_elements 0.91379
published_at 2026-04-04T12:55:00Z
6
value 0.06925
scoring_system epss
scoring_elements 0.91386
published_at 2026-04-07T12:55:00Z
7
value 0.06925
scoring_system epss
scoring_elements 0.91398
published_at 2026-04-08T12:55:00Z
8
value 0.06925
scoring_system epss
scoring_elements 0.91405
published_at 2026-04-09T12:55:00Z
9
value 0.06925
scoring_system epss
scoring_elements 0.91411
published_at 2026-04-11T12:55:00Z
10
value 0.06925
scoring_system epss
scoring_elements 0.91414
published_at 2026-04-12T12:55:00Z
11
value 0.06925
scoring_system epss
scoring_elements 0.91413
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-15664
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1714722
reference_id 1714722
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1714722
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662
reference_id 929662
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929662
6
reference_url https://security.archlinux.org/AVG-968
reference_id AVG-968
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-968
7
reference_url https://access.redhat.com/errata/RHSA-2019:1910
reference_id RHSA-2019:1910
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1910
8
reference_url https://usn.ubuntu.com/4048-1/
reference_id USN-4048-1
reference_type
scores
url https://usn.ubuntu.com/4048-1/
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2018-15664
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sh5d-p485-6qh4
17
url VCID-su25-rgw1-xkg6
vulnerability_id VCID-su25-rgw1-xkg6
summary docker: Attacker controlled layer IDs lead to local graph content poisoning
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8178.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-8178
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50045
published_at 2026-04-01T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50079
published_at 2026-04-02T12:55:00Z
2
value 0.00266
scoring_system epss
scoring_elements 0.50107
published_at 2026-04-04T12:55:00Z
3
value 0.00266
scoring_system epss
scoring_elements 0.50057
published_at 2026-04-07T12:55:00Z
4
value 0.00266
scoring_system epss
scoring_elements 0.50111
published_at 2026-04-08T12:55:00Z
5
value 0.00266
scoring_system epss
scoring_elements 0.50105
published_at 2026-04-09T12:55:00Z
6
value 0.00266
scoring_system epss
scoring_elements 0.50122
published_at 2026-04-11T12:55:00Z
7
value 0.00266
scoring_system epss
scoring_elements 0.50096
published_at 2026-04-12T12:55:00Z
8
value 0.00266
scoring_system epss
scoring_elements 0.50093
published_at 2026-04-13T12:55:00Z
9
value 0.00266
scoring_system epss
scoring_elements 0.50137
published_at 2026-04-16T12:55:00Z
10
value 0.00266
scoring_system epss
scoring_elements 0.50138
published_at 2026-04-18T12:55:00Z
11
value 0.00266
scoring_system epss
scoring_elements 0.5011
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-8178
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8178
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1271253
reference_id 1271253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1271253
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
aliases CVE-2014-8178
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-su25-rgw1-xkg6
18
url VCID-u44m-mgza-nfcx
vulnerability_id VCID-u44m-mgza-nfcx
summary
Secret insertion into debug log in Docker
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13509
reference_id
reference_type
scores
0
value 0.0155
scoring_system epss
scoring_elements 0.81451
published_at 2026-04-21T12:55:00Z
1
value 0.0155
scoring_system epss
scoring_elements 0.81432
published_at 2026-04-11T12:55:00Z
2
value 0.0155
scoring_system epss
scoring_elements 0.81419
published_at 2026-04-12T12:55:00Z
3
value 0.0155
scoring_system epss
scoring_elements 0.81412
published_at 2026-04-13T12:55:00Z
4
value 0.0155
scoring_system epss
scoring_elements 0.81449
published_at 2026-04-16T12:55:00Z
5
value 0.0155
scoring_system epss
scoring_elements 0.8145
published_at 2026-04-18T12:55:00Z
6
value 0.0155
scoring_system epss
scoring_elements 0.81348
published_at 2026-04-01T12:55:00Z
7
value 0.0155
scoring_system epss
scoring_elements 0.81357
published_at 2026-04-02T12:55:00Z
8
value 0.0155
scoring_system epss
scoring_elements 0.81379
published_at 2026-04-04T12:55:00Z
9
value 0.0155
scoring_system epss
scoring_elements 0.81377
published_at 2026-04-07T12:55:00Z
10
value 0.0155
scoring_system epss
scoring_elements 0.81405
published_at 2026-04-08T12:55:00Z
11
value 0.0155
scoring_system epss
scoring_elements 0.8141
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13509
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
5
reference_url https://docs.docker.com/engine/release-notes/18.09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/18.09
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13509
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13509
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732418
reference_id 1732418
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732418
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673
reference_id 932673
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2019-13509, GHSA-j249-ghv5-7mxv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u44m-mgza-nfcx
19
url VCID-uckr-kzdf-7ydj
vulnerability_id VCID-uckr-kzdf-7ydj
summary
moby docker daemon crash during image pull of malicious image
### Impact

Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.

### Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

### Credits

Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21285
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57546
published_at 2026-04-21T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57569
published_at 2026-04-16T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57541
published_at 2026-04-13T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.57515
published_at 2026-04-02T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57431
published_at 2026-04-01T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.57568
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57563
published_at 2026-04-12T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57583
published_at 2026-04-11T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.57536
published_at 2026-04-04T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57512
published_at 2026-04-07T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.57565
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://docs.docker.com/engine/release-notes/#20103
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/#20103
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
9
reference_url https://github.com/moby/moby/releases/tag/v19.03.15
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v19.03.15
10
reference_url https://github.com/moby/moby/releases/tag/v20.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.3
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21285
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21285
13
reference_url https://security.gentoo.org/glsa/202107-23
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-23
14
reference_url https://security.netapp.com/advisory/ntap-20210226-0005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0005
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924742
reference_id 1924742
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1924742
17
reference_url https://security.archlinux.org/ASA-202102-12
reference_id ASA-202102-12
reference_type
scores
url https://security.archlinux.org/ASA-202102-12
18
reference_url https://security.archlinux.org/AVG-1528
reference_id AVG-1528
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1528
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2021-21285, GHSA-6fj5-m822-rqx8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj
20
url VCID-yt33-nmzd-r3cs
vulnerability_id VCID-yt33-nmzd-r3cs
summary docker: command injection due to a missing validation of the git ref command
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:3092
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:3092
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13139
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.67846
published_at 2026-04-01T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.67939
published_at 2026-04-21T12:55:00Z
2
value 0.00548
scoring_system epss
scoring_elements 0.67907
published_at 2026-04-13T12:55:00Z
3
value 0.00548
scoring_system epss
scoring_elements 0.67945
published_at 2026-04-16T12:55:00Z
4
value 0.00548
scoring_system epss
scoring_elements 0.67958
published_at 2026-04-18T12:55:00Z
5
value 0.00548
scoring_system epss
scoring_elements 0.67869
published_at 2026-04-07T12:55:00Z
6
value 0.00548
scoring_system epss
scoring_elements 0.67888
published_at 2026-04-04T12:55:00Z
7
value 0.00548
scoring_system epss
scoring_elements 0.6792
published_at 2026-04-08T12:55:00Z
8
value 0.00548
scoring_system epss
scoring_elements 0.67933
published_at 2026-04-09T12:55:00Z
9
value 0.00548
scoring_system epss
scoring_elements 0.67957
published_at 2026-04-11T12:55:00Z
10
value 0.00548
scoring_system epss
scoring_elements 0.67943
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
6
reference_url https://docs.docker.com/engine/release-notes/#18094
reference_id
reference_type
scores
url https://docs.docker.com/engine/release-notes/#18094
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/pull/38944
reference_id
reference_type
scores
url https://github.com/moby/moby/pull/38944
9
reference_url https://seclists.org/bugtraq/2019/Sep/21
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Sep/21
10
reference_url https://security.netapp.com/advisory/ntap-20190910-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190910-0001/
11
reference_url https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
reference_id
reference_type
scores
url https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
12
reference_url https://www.debian.org/security/2019/dsa-4521
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4521
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732627
reference_id 1732627
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732627
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002
reference_id 933002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*
reference_id cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13139
reference_id CVE-2019-13139
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-13139
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2019-13139
risk_score 3.8
exploitability 0.5
weighted_severity 7.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yt33-nmzd-r3cs
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@1.6.2~dfsg1-1~bpo8%252B1