CVE-2020-14298
Description
The version of docker released for Red Hat Enterprise Linux 7 Extras via the RHBA-2020:0053 advisory included an incorrect version of runc that was missing the fix for CVE-2019-5736, which had previously been fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Earlier and later versions are not affected.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.058
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:2653) docker security update docker-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-client-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-common-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-logrotate-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-lvm-plugin-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-novolume-plugin-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-rhel-push-plugin-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
| (RHSA-2020:2653) docker security update docker-v1.10-migrator-1.13.1-162.git64e9980.el7_8.x86_64.rpm | Linux |
Patch Details
No records found