A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted data.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | docker | 2021-09-30 19:22 | ALAS-2021-1537 |
Amazon Linux 2 - Docker Extra | docker | 2022-03-07 21:54 | ALAS2DOCKER-2022-017 |
Amazon Linux 2 - Ecs Extra | docker | 2023-11-09 20:27 | ALAS2ECS-2023-028 |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2022-03-07 21:52 | ALAS2NITRO-ENCLAVES-2022-017 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
NVD | CVSSv2 | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 2.8 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N |