{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.docker.com/docker-cve-database"}, {"name": "94228", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94228"}, {"name": "1037203", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037203"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8867", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.docker.com/docker-cve-database", "refsource": "CONFIRM", "url": "https://www.docker.com/docker-cve-database"}, {"name": "94228", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94228"}, {"name": "1037203", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037203"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:35:02.197Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.docker.com/docker-cve-database"}, {"name": "94228", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94228"}, {"name": "1037203", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037203"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8867", "datePublished": "2016-10-28T15:00:00.000Z", "dateReserved": "2016-10-21T00:00:00.000Z", "dateUpdated": "2024-08-06T02:35:02.197Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "E122F17B-2810-4949-9882-C43779BE2CF2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes."}, {"lang": "es", "value": "Docker Engine 1.12.2 habilit\u00f3 capacidades ambientales con pol\u00edticas de capacidad mal configuradas. Esto permiti\u00f3 a im\u00e1genes maliciosas eludir los permisos de usuario de acceso a archivos dentro del contenedor filesystem o vol\u00famenes montados."}], "id": "CVE-2016-8867", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-28T15:59:14.047", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94228"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037203"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.docker.com/docker-cve-database"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.docker.com/docker-cve-database"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2653", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "docker-2:1.13.1-162.git64e9980.el7_8", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2020-06-23T00:00:00Z"}], "bugzilla": {"description": "docker: Ambient capability usage in containers", "id": "1390163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390163"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "details": ["Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.", "The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root."], "name": "CVE-2016-8867", "public_date": "2016-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8867\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8867"], "statement": "This issue only affected a single version of the docker packages as shipped with Red Hat Enterprise Linux 7 Extras - docker-1.13.1-108.git4ef4b30.el7. This version was released on January 8th 2020 via erratum RHBA-2020:0053 and the problem was corrected in version docker-1.13.1-109.gitcccb291.el7_7 released on February 4th 2020 via erratum RHBA-2020:0427. This CVE is listed as fixed in erratum RHSA-2020:2653 released on June 23rd 2020. However, the erratum RHSA-2020:2653 does not provide any new or improved fix compared to RHBA-2020:0427 and it was released to ensure proper visibility of the problem to users and security scanning tools, as the fix was originally released via a non-security bug fix erratum.\nThe current version of OpenShift Container Platform (OCP) 3.11 is not affected because it installs the latest package from the Red Hat Enterprise Linux 7 Extras repository. If on an earlier version of OCP 3.11 be sure to update to a docker package later than 1.13.1-108.git4ef4b30.el7.", "threat_severity": "Important"}

{}