CVE-2014-5279
HIGHboot2docker < 1.2 - Unauthenticated Privilege Escalation via Docker Daemon TCP Connection
Title source: llmDescription
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers.
References (1)
Core 1
Core References
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ
Scores
CVSS v3
8.8
EPSS
0.0282
EPSS Percentile
84.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
boot2docker/boot2docker
< 1.2
Published
Feb 06, 2018
Tracked Since
Feb 18, 2026