CVE-2014-9356

HIGH

Docker < 1.3.3 - Path Traversal and Arbitrary File Write via Symlink in Image or Dockerfile

Title source: llm
STIX 2.1

Description

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

References (2)

Core 2
Core References
Broken Link mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded

Scores

CVSS v3 8.6
EPSS 0.0492
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (2)
docker/docker < 1.3.3
docker/docker 0 - 1.3.3Go
Published Dec 02, 2019
Tracked Since Feb 18, 2026