9
CVE-2014-5279
- EPSS 2.45%
- Veröffentlicht 06.02.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:11:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Boot2docker ≫ Boot2docker Version <= 1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.45% | 0.846 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.