VDB
WID-SEC-W-2023-0246
WID-SEC-W-2023-0246
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon Linux 2 | ||
| Open Source docker 20.10.15 build fd82621 |
Exploit Intelligence
- Docker CVE-2022-37708 (github-poc)
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0246.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0246 (circl)
- https://alas.aws.amazon.com/AL2/ALASECS-2023-013.html (circl)
- https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-024.html (circl)
- https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-022.html (circl)
- https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2023-022.html (circl)
- https://github.com/advisories/GHSA-p779-957q-8gq3 (circl)
- https://github.com/thekevinday/docker_lightman_exploit (circl)
Timeline
- Jan 31, 2023 CVE Published
- Oct 19, 2023 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0246.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0246 advisory
- https://alas.aws.amazon.com/AL2/ALASECS-2023-013.html url
- https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-024.html url
- https://alas.aws.amazon.com/AL2/ALASDOCKER-2023-022.html url
- https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2023-022.html url
- https://github.com/advisories/GHSA-p779-957q-8gq3 url
- https://github.com/thekevinday/docker_lightman_exploit url