Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-14298

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.

Published

2020-07-13T21:15:14.187

Last Modified

2024-11-21T05:02:57.240

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-273
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application docker docker 1.13.1 Yes
Application redhat openshift_container_platform ≤ 3.7.61 Yes
Operating System redhat enterprise_linux_server 7.0 Yes
References