CVE-2014-0048
Published: 2 January 2020
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
Priority
Status
Package | Release | Status |
---|---|---|
docker.io Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Released
(1.6.2~dfsg1-1ubuntu4~14.04.1)
|
|
upstream |
Released
(1.5)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Released
(1.10.3-0ubuntu6)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Released
(1.12.6-0ubuntu4)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |