CVE-2019-0204

HIGH

Description

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

References

http://www.securityfocus.com/bid/107605

https://access.redhat.com/errata/RHSA-2019:3892

https://lists.apache.org/thread.html/[email protected]%3Cdev.mesos.apache.org%3E

Details

Source: MITRE

Published: 2019-03-25

Updated: 2019-11-15

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
126188Photon OS 1.0: Mesos PHSA-2019-1.0-0239NessusPhotonOS Local Security Checks
high