CVE-2014-5282

Published: 06 February 2018

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
docker.io
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.0~dfsg1-1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.3.0~dfsg1-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.6.2~dfsg1-1ubuntu4~14.04.1])

Notes

AuthorNote
leosilva
fix was released in 1.3 version

References