CVE-2014-5282

HIGH

Docker < 1.3 - Image ID Validation Bypass via Untrusted Image Loading

Title source: llm
STIX 2.1

Description

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1168436

Scores

CVSS v3 8.1
EPSS 0.0135
EPSS Percentile 68.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
docker/docker < 1.3
Published Feb 06, 2018
Tracked Since Feb 18, 2026