Vulnerability Information
Vulnerability Title
`docker cp` allows unexpected chmod of host files
Vulnerability Description
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
Improper preservation of permissions
Vulnerability Title
Docker Engine security vulnerability
Vulnerability Description
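Docker Engine is a lightweight runtime environment and package management tool from the US company Docker. Docker Engine contains a security vulnerability: using `docker cp` to copy files into a specially crafted container may cause the Unix file permissions of existing files on the host to change. An attacker could exploit this vulnerability to access restricted data.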
CVSS Information
N/A
Vulnerability Type
N/A