CVE-2014-5282
HIGHDocker < 1.3 - Image ID Validation Bypass via Untrusted Image Loading
Title source: llmDescription
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
References (2)
Core 2
Core References
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21msg/docker-announce/aQoVmQlcE0A/smPuBNYf8VwJ
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1168436
Scores
CVSS v3
8.1
EPSS
0.0135
EPSS Percentile
68.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
docker/docker
< 1.3
Published
Feb 06, 2018
Tracked Since
Feb 18, 2026