CVE ID | CVE-2017-10940 |
CVSS SCORE | 9.0, AV:N/AC:L/Au:S/C:C/I:C/A:C |
AFFECTED VENDORS | Joyent |
AFFECTED PRODUCTS | Smart Data Center |
VULNERABILITY DETAILS | The specific flaw exists within the Docker API. The process does not properly validate user-supplied data, which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. |
ADDITIONAL DETAILS | Joyent has issued an update to correct this vulnerability. More details can be found at: https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability |
DISCLOSURE TIMELINE |
|
CREDIT | Ben Murphy |