← Back to CVEs
CVE-2019-0204
HIGH7.8
Description
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published3/25/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
apache:mesosredhat:fuse
References
http://www.securityfocus.com/bid/107605(security@apache.org)
https://access.redhat.com/errata/RHSA-2019:3892(security@apache.org)
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E(security@apache.org)
http://www.securityfocus.com/bid/107605(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3892(af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.