Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Docker SwarmKit toolkit 安全漏洞
Vulnerability Description
Docker是美国Docker公司的一款开源的应用容器引擎,它支持在Linux系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。SwarmKit toolkit是其中的一个用于以任何规模编排分布式系统的工具包。 Docker SwarmKit toolkit 1.12.0版本中存在安全漏洞。远程攻击者可通过执行大量的连接和中断操作利用该漏洞造成拒绝服(阻碍集群连接)。
CVSS Information
N/A
Vulnerability Type
N/A