Vulnerabilities > CVE-2020-14298 - Improper Check for Dropped Privileges vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

redhat

docker

CWE-273

NVD

Published: 2020-07-13

Updated: 2023-02-12

Summary

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux Server 7.0	1
Application	Docker Docker Docker 1.13.1	1
Application	Redhat Redhat Openshift Container Platform 3.0 Redhat Openshift Container Platform 3.1 Redhat Openshift Container Platform 3.2 Redhat Openshift Container Platform 3.3 Redhat Openshift Container Platform 3.4 Redhat Openshift Container Platform 3.5 Redhat Openshift Container Platform 3.6 Redhat Openshift Container Platform 3.7 Redhat Openshift Container Platform 3.7.14 Redhat Openshift Container Platform 3.7.23 Redhat Openshift Container Platform 3.7.42-2 Redhat Openshift Container Platform 3.7.44 Redhat Openshift Container Platform 3.7.46 Redhat Openshift Container Platform 3.7.52 Redhat Openshift Container Platform 3.7.53 Redhat Openshift Container Platform 3.7.54 Redhat Openshift Container Platform 3.7.57 Redhat Openshift Container Platform 3.7.61	18

Common Weakness Enumeration (CWE)

CWE-273 - Improper Check for Dropped Privileges

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References