CVE-2014-5279

Published: Feb 6, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.

Affected (1)

Products: Boot2docker: Boot2docker

Boot2docker

1 product

Boot2docker

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Boot2docker Boot2docker	Up to 1.2

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ

Source: cve@mitre.org

https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.