ID CVE-2020-14298
Summary The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:docker:docker:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.23:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.42-2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.44:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.46:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.52:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.54:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.57:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.7.61:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 12-02-2023 - 23:39)
Impact:
Exploitability:
CWE CWE-273
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
rpms
  • docker-2:1.13.1-162.git64e9980.el7_8
  • docker-client-2:1.13.1-162.git64e9980.el7_8
  • docker-common-2:1.13.1-162.git64e9980.el7_8
  • docker-debuginfo-2:1.13.1-162.git64e9980.el7_8
  • docker-logrotate-2:1.13.1-162.git64e9980.el7_8
  • docker-lvm-plugin-2:1.13.1-162.git64e9980.el7_8
  • docker-novolume-plugin-2:1.13.1-162.git64e9980.el7_8
  • docker-rhel-push-plugin-2:1.13.1-162.git64e9980.el7_8
  • docker-v1.10-migrator-2:1.13.1-162.git64e9980.el7_8
refmap via4
confirm
Last major update 12-02-2023 - 23:39
Published 13-07-2020 - 21:15
Last modified 12-02-2023 - 23:39