CVE-2014-6408 — Access Restriction Bypass in Docker in github.com/docker/docker

Description

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

How to fix CVE-2014-6408

To remediate CVE-2014-6408, upgrade the affected package to a fixed version below.

Debian/docker.io—upgrade to 1.3.2~dfsg1-1 or later
Go/github.com/docker/docker—upgrade to 1.3.2 or later
Go/github.com/docker/docker—upgrade to 1.3.2 or later

Is CVE-2014-6408 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 1.3.2~dfsg1-1
>= 1.3.0, < 1.3.2
>= 1.3.0, < 1.3.2

References (11)

ADVISORYgithub.com/advisories/GHSA-44gg-pmqr-4669
ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-6408
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-6408
WEBdocs.docker.com/v1.3/release-notes
WEB