Image Layer Vulnerability in Docker Engine by Docker, Inc.
CVE-2014-8178

5.5MEDIUM

Key Information:

Vendor

Docker

Status
Docker Engine
Cs Docker Engine
Vendor
CVE Published:
17 December 2019

What is CVE-2014-8178?

The Docker Engine harbored a security issue where it did not utilize a globally unique identifier for storing image layers. This oversight permitted malicious actors to manipulate the image cache, potentially leading to the execution of crafted images through pull or push commands. This vulnerability emphasizes the need for improved layer management and security protocols within container technologies.

Affected Version(s)

CS Docker Engine before 1.6.2-CS7

Docker Engine before 1.8.3

References

http://lists.opensuse.org/opensuse-updates/2015-10/msg000...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2015...
x_refsource_MISC
https://groups.google.com/forum/#%21msg/docker-dev/bWVVtL...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.