CVE-2014-5280
HIGHboot2docker < 1.2.0 - Cross-Site Request Forgery via Docker Daemon TCP Connection
Title source: llmDescription
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
References (1)
Core 1
Core References
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ
Scores
CVSS v3
8.8
EPSS
0.0073
EPSS Percentile
50.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
boot2docker/boot2docker
< 1.2.0
Published
Feb 06, 2018
Tracked Since
Feb 18, 2026