{"containers": {"cna": {"affected": [{"product": "Docker Engine", "vendor": "Docker", "versions": [{"status": "affected", "version": "before 1.8.3"}]}, {"product": "CS Docker Engine", "vendor": "Docker", "versions": [{"status": "affected", "version": "before 1.6.2-CS7"}]}], "datePublic": "2015-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-04T15:05:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.docker.com/legal/docker-cve-database"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.117Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.docker.com/legal/docker-cve-database"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8178", "datePublished": "2019-12-04T15:05:02", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.117Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:cs_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA627FD7-3005-4B2D-9589-63DCA3160884", "versionEndExcluding": "1.6.2-cs7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BBB3326-A3DE-4EC3-A451-4C23E08AE9FC", "versionEndExcluding": "1.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands."}, {"lang": "es", "value": "Docker Engine versiones anteriores a la versi\u00f3n 1.8.3 y CS Docker Engine versiones anteriores a la versi\u00f3n 1.6.2-CS7, no utilizan un identificador \u00fanico de forma global para almacenar capas de im\u00e1genes, lo que facilita a atacantes envenenar la cach\u00e9 de im\u00e1genes por medio de una imagen especialmente dise\u00f1ada en los comandos pull o push."}], "id": "CVE-2014-8178", "lastModified": "2023-02-13T00:44:26.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-17T14:15:16.687", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12"}, {"source": "secalert@redhat.com", "url": "https://groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.docker.com/legal/docker-cve-database"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "docker: Attacker controlled layer IDs lead to local graph content poisoning", "id": "1271253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271253"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "status": "draft"}, "details": ["Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands."], "name": "CVE-2014-8178", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "docker", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-10-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8178\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8178"], "statement": "This issue is exploitable by malicious Docker images. Red Hat supports images from it's own registry, ISV images certified by the Red Hat certification program, and images using qualified customer content.", "threat_severity": "Low"}