Path Traversal in Docker · CVE-2014-9356 · GitHub Advisory Database · GitHub

Path Traversal in Docker

Moderate severity GitHub Reviewed Published May 18, 2021 to the GitHub Advisory Database • Updated Jul 8, 2024

Package

github.com/docker/docker (Go)

Affected versions

< 1.3.3

Patched versions

1.3.3

Description

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

References

Reviewed May 17, 2021

Published to the GitHub Advisory Database May 18, 2021

Last updated Jul 8, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N