Vulnerability_id VCID-65gx-t947-s7a3
Summary The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
Aliases
0
alias CVE-2017-20198
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-20198
reference_id
reference_type
scores
0
value 0.72962
scoring_system epss
scoring_elements 0.98802
published_at 2026-06-11T12:55:00Z
1
value 0.72962
scoring_system epss
scoring_elements 0.98807
published_at 2026-06-13T12:55:00Z
2
value 0.72962
scoring_system epss
scoring_elements 0.98806
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-20198
1
reference_url https://www.exploit-db.com/exploits/42134
reference_id 42134
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-23T14:50:52Z/
url https://www.exploit-db.com/exploits/42134
2
reference_url https://dcos.io/
reference_id dcos.io
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-23T14:50:52Z/
url https://dcos.io/
3
reference_url https://web.archive.org/web/20230609134421/https://warroom.rsmus.com/dcos-marathon-compromise/
reference_id dcos-marathon-compromise
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-23T14:50:52Z/
url https://web.archive.org/web/20230609134421/https://warroom.rsmus.com/dcos-marathon-compromise/
4
reference_url https://www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rce
reference_id dcos-marathon-docker-mount-abuse-rce
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-23T14:50:52Z/
url https://www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rce
5
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dcos_marathon.rb
reference_id dcos_marathon.rb
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-07-23T14:50:52Z/
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dcos_marathon.rb
Weaknesses
0
cwe_id 732
name Incorrect Permission Assignment for Critical Resource
description The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploits
0
date_added null
description
Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes commands as uid 0, it is honored by the host operating system, allowing the attacker to edit/create files owned by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server.

*Notes: The docker image must be a valid docker image from hub.docker.com. Furthermore, the docker container will only deploy if there are resources available in the DC/OS cluster.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2017-03-03
exploit_type null
platform Python
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/dcos_marathon.rb
Severity_range_score 9.3 - 9.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65gx-t947-s7a3