moby/moby's dockerd daemon encrypted overlay network may be unauthenticated
CVE-2023-28840

7.5 HIGH

Key Information:

Vendor: Moby
Status: Vendor
CVE Published: 4 April 2023

Summary

A vulnerability in Moby's overlay network driver may allow an attacker to inject arbitrary Ethernet frames into an overlay network. This could be used for a Denial of Service (DoS) attack, or potentially for privilege escalation, by bypassing a stateful firewall with unauthorized UDP or TCP connections. Encrypted overlay networks are intended to protect traffic with IPsec, but a flaw in the iptables rules that enforce this could allow unencrypted datagrams to be accepted. Affected users are encouraged to apply the patches in the latest Moby releases and, in the meantime, to implement workarounds such as blocking incoming VXLAN traffic on the default ports.
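The workaround named above (block incoming VXLAN traffic on the data-path port) can be expressed as an nftables ruleset that accepts VXLAN datagrams only from known swarm peers and drops the rest. The script below is an added example for this page, not code from the Moby project or the advisory; it assumes Docker's default data-path port, UDP 4789 (not stated on this page, and configurable in Docker), and takes the peer addresses as a space-separated list.

```shell
#!/bin/sh
# Added example, not from the advisory: generate an nftables ruleset that
# restricts inbound VXLAN (UDP data-path port) to a list of trusted swarm
# peers. Assumptions: the default Docker data-path port is UDP 4789; peers
# are passed as a space-separated string of IPv4 addresses.

# vxlan_ruleset PORT "PEER1 PEER2 ..."
# Prints a complete ruleset on stdout.
vxlan_ruleset() {
  port="$1"
  peers="$2"
  printf 'table inet vxlan_guard {\n'
  printf '  chain input {\n'
  printf '    type filter hook input priority 0; policy accept;\n'
  # One accept rule per trusted peer, matched on source address and port.
  for peer in $peers; do
    printf '    ip saddr %s udp dport %s accept\n' "$peer" "$port"
  done
  # Everything else arriving on the VXLAN port is dropped.
  printf '    udp dport %s drop\n' "$port"
  printf '  }\n'
  printf '}\n'
}

# count_accept_rules PORT "PEERS": number of per-peer accept rules emitted,
# useful as a sanity check before applying the ruleset.
count_accept_rules() {
  vxlan_ruleset "$1" "$2" | grep -c ' accept$'
}

# Usage:
#   sh vxlan_guard.sh --print 4789 "10.0.0.2 10.0.0.3"   # show ruleset
#   sh vxlan_guard.sh --apply 4789 "10.0.0.2 10.0.0.3"   # load with nft (root)
case "${1:-}" in
  --print) vxlan_ruleset "${2:-4789}" "${3:-}" ;;
  --apply) vxlan_ruleset "${2:-4789}" "${3:-}" | nft -f - ;;
esac
```

The ruleset is deliberately narrow: it only touches the VXLAN port and leaves the rest of the input policy untouched, so it can sit alongside an existing firewall until the patched Moby release is deployed.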

Affected Version(s)

| Package | Affected | Unaffected / Fixed |
|---|---|---|
| moby | >= 1.12.0, < 20.10.24 | < 1.12.0, 20.10.24 |
| moby | >= 23.0.0, < 23.0.3 | < 23.0.0, 23.0.3 |

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published
  • Vulnerability reserved

CVE-2023-28840 : moby/moby's dockerd daemon encrypted overlay network may be unauthenticated | SecurityVulnerability.io