The version of docker installed on the remote host is prior to 20.10.7-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-028 advisory.

  - Moby is an open-source project created by Docker to enable software containerization. A bug was found in     Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container     can result in Unix file permission changes for existing files in the host's filesystem, widening access to     others. This bug does not directly allow files to be read, modified, or executed without an additional     cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this     version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)

  - Moby is an open-source project created by Docker to enable software containerization. A bug was found in     Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with     insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory     contents and execute programs. When containers included executable programs with extended permission bits     (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an     unprivileged Linux user on the host collided with the file owner or group inside a container, the     unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed     in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running     containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade     limit access to the host to trusted users. Limit access to host volumes to trusted containers.
    (CVE-2021-41091)

  - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker     CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file     (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed     would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended     private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as     soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries     in the configuration file reference an installed credential helper that is executable and on the PATH.
    (CVE-2021-41092)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : docker (ALASECS-2023-028)

high Nessus Plugin ID 185963

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Dec 18, 2023, 2:01 PM CVSS metrics ("CVSSv3 score" set to 7.5. "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N") CVSSv3 score source (changed from "CVE-2021-41091" to none) CVSSv3 severity (based on None, severity increased from "Medium" to "High") Plugin Feed: 202312181401
Version 1.2 Dec 15, 2023, 2:39 PM CVSS metrics ("CVSSv3 score" set to 6.3. "CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L") CVSSv3 score source (set to "CVE-2021-41091") CVSSv3 severity (based on CVE-2021-41091, severity decreased from "High" to "Medium") Plugin Feed: 202312151439
Version 1.1 Nov 21, 2023, 1:14 AM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202311210114
Version 1.0 Nov 18, 2023, 6:01 AM New Plugin Feed: 202311180601