Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Moby: Off-by-one error in plugin privilege validation
Vulnerability Description
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Off-by-one错误
Vulnerability Title
Moby 安全漏洞
Vulnerability Description
Moby是Moby开源的一个开源项目。旨在推动软件的容器化,并帮助生态系统使容器技术主流化。 Moby 29.3.1之前版本存在安全漏洞,该漏洞源于插件权限验证逻辑错误,可能导致守护进程错误地接受与用户批准不同的权限集。
CVSS Information
N/A
Vulnerability Type
N/A