Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
Vulnerability Description
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
CVSS Information
N/A
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
D2iQ DC/OS Marathon 安全漏洞
Vulnerability Description
D2iQ DC/OS Marathon是美国D2iQ公司的一款原生任务调度器。 D2iQ DC/OS Marathon1.9.0之前版本存在安全漏洞,该漏洞源于对卷挂载配置的限制不足,可能导致任意Docker容器部署。
CVSS Information
N/A
Vulnerability Type
N/A