Main Vulnerability Database Vulnerabilities #VU30570

Path traversal in Docker - CVE-2014-9356

Published: December 2, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30570

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2014-9356

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Docker Inc.

Affected software:
Docker

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

How to mitigate CVE-2014-9356

Install update from vendor's website.

Sources

http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=1172761

Path traversal in Docker - CVE-2014-9356

Detailed vulnerability description

How to mitigate CVE-2014-9356

Sources

Please verify you're human