cve-2020-13401

Vulnerability from cvelistv5

Published

2020-06-02 13:42

Modified

2024-08-04 12:18

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html	Broken Link
cve@mitre.org	http://www.openwall.com/lists/oss-security/2020/06/01/5	Mailing List, Third Party Advisory
cve@mitre.org	https://docs.docker.com/engine/release-notes/	Release Notes, Vendor Advisory
cve@mitre.org	https://github.com/docker/docker-ce/releases/tag/v19.03.11	Release Notes, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/
cve@mitre.org	https://security.gentoo.org/glsa/202008-15	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200717-0002/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4716	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/06/01/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.docker.com/engine/release-notes/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/docker/docker-ce/releases/tag/v19.03.11	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4716	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:17.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/engine/release-notes/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
          },
          {
            "name": "FEDORA-2020-5ba8c2d9d5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
          },
          {
            "name": "FEDORA-2020-6d7deafd81",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
          },
          {
            "name": "openSUSE-SU-2020:0846",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
          },
          {
            "name": "DSA-4716",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4716"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
          },
          {
            "name": "GLSA-202008-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-26T23:06:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.docker.com/engine/release-notes/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
        },
        {
          "name": "FEDORA-2020-5ba8c2d9d5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
        },
        {
          "name": "FEDORA-2020-6d7deafd81",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
        },
        {
          "name": "openSUSE-SU-2020:0846",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
        },
        {
          "name": "DSA-4716",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4716"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
        },
        {
          "name": "GLSA-202008-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13401",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.docker.com/engine/release-notes/",
              "refsource": "MISC",
              "url": "https://docs.docker.com/engine/release-notes/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2020/06/01/5",
              "refsource": "MISC",
              "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
            },
            {
              "name": "https://github.com/docker/docker-ce/releases/tag/v19.03.11",
              "refsource": "CONFIRM",
              "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
            },
            {
              "name": "FEDORA-2020-5ba8c2d9d5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
            },
            {
              "name": "FEDORA-2020-6d7deafd81",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
            },
            {
              "name": "openSUSE-SU-2020:0846",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
            },
            {
              "name": "DSA-4716",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4716"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
            },
            {
              "name": "GLSA-202008-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-13401",
    "datePublished": "2020-06-02T13:42:09",
    "dateReserved": "2020-05-22T00:00:00",
    "dateUpdated": "2024-08-04T12:18:17.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.03.11\", \"matchCriteriaId\": \"8733F530-515F-4F65-AE90-8C8824C22F4C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede dise\\u00f1ar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener informaci\\u00f3n confidencial o causar una denegaci\\u00f3n de servicio.\"}]",
      "id": "CVE-2020-13401",
      "lastModified": "2024-11-21T05:01:11.040",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-02T14:15:10.770",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/06/01/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.docker.com/engine/release-notes/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/docker/docker-ce/releases/tag/v19.03.11\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202008-15\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200717-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4716\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/06/01/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.docker.com/engine/release-notes/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/docker/docker-ce/releases/tag/v19.03.11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202008-15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200717-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4716\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-13401\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-02T14:15:10.770\",\"lastModified\":\"2024-11-21T05:01:11.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede dise\u00f1ar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener informaci\u00f3n confidencial o causar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.03.11\",\"matchCriteriaId\":\"8733F530-515F-4F65-AE90-8C8824C22F4C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/06/01/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://docs.docker.com/engine/release-notes/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/docker/docker-ce/releases/tag/v19.03.11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202008-15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200717-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4716\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/06/01/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://docs.docker.com/engine/release-notes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/docker/docker-ce/releases/tag/v19.03.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202008-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200717-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4716\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2020-13401

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-13401

Aliases

CVE-2020-13401

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-13401",
    "description": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",
    "id": "GSD-2020-13401",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-13401.html",
      "https://www.debian.org/security/2020/dsa-4716",
      "https://advisories.mageia.org/CVE-2020-13401.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-13401.html",
      "https://linux.oracle.com/cve/CVE-2020-13401.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-13401"
      ],
      "details": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",
      "id": "GSD-2020-13401",
      "modified": "2023-12-13T01:21:47.243963Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-13401",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://docs.docker.com/engine/release-notes/",
            "refsource": "MISC",
            "url": "https://docs.docker.com/engine/release-notes/"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2020/06/01/5",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
          },
          {
            "name": "https://github.com/docker/docker-ce/releases/tag/v19.03.11",
            "refsource": "CONFIRM",
            "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
          },
          {
            "name": "FEDORA-2020-5ba8c2d9d5",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
          },
          {
            "name": "FEDORA-2020-6d7deafd81",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
          },
          {
            "name": "openSUSE-SU-2020:0846",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
          },
          {
            "name": "DSA-4716",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4716"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200717-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
          },
          {
            "name": "GLSA-202008-15",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202008-15"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003cv19.03.11",
          "affected_versions": "All versions before 19.03.11",
          "cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2022-04-12",
          "description": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",
          "fixed_versions": [
            "v19.03.11"
          ],
          "identifier": "CVE-2020-13401",
          "identifiers": [
            "GHSA-qrrc-ww9x-r43g",
            "CVE-2020-13401"
          ],
          "not_impacted": "All versions starting from 19.03.11",
          "package_slug": "go/github.com/docker/docker-ce",
          "pubdate": "2022-02-15",
          "solution": "Upgrade to version 19.03.11 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-13401",
            "https://docs.docker.com/engine/release-notes/",
            "https://github.com/docker/docker-ce/releases/tag/v19.03.11",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/",
            "https://security.gentoo.org/glsa/202008-15",
            "https://security.netapp.com/advisory/ntap-20200717-0002/",
            "https://www.debian.org/security/2020/dsa-4716",
            "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html",
            "http://www.openwall.com/lists/oss-security/2020/06/01/5",
            "https://github.com/advisories/GHSA-qrrc-ww9x-r43g"
          ],
          "uuid": "8dc17915-e5f9-48b7-b552-64230f30c5e7",
          "versions": [
            {
              "commit": {
                "sha": "1d3ea1afb29ba7e19796de9cdb7b19e649b21b8e",
                "tags": [
                  "v19.03.11"
                ],
                "timestamp": "20200601085955"
              },
              "number": "v19.03.11"
            }
          ]
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.03.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-13401"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.docker.com/engine/release-notes/",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://docs.docker.com/engine/release-notes/"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2020/06/01/5",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
            },
            {
              "name": "https://github.com/docker/docker-ce/releases/tag/v19.03.11",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
            },
            {
              "name": "FEDORA-2020-6d7deafd81",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
            },
            {
              "name": "FEDORA-2020-5ba8c2d9d5",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
            },
            {
              "name": "openSUSE-SU-2020:0846",
              "refsource": "SUSE",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
            },
            {
              "name": "DSA-4716",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4716"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
            },
            {
              "name": "GLSA-202008-15",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202008-15"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.7
        }
      },
      "lastModifiedDate": "2023-03-01T16:48Z",
      "publishedDate": "2020-06-02T14:15Z"
    }
  }
}

ghsa-qrrc-ww9x-r43g

Vulnerability from github

Published

2022-02-15 01:57

Modified

2023-03-02 20:00

Severity ?

6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Summary

Improper Input Validation in Docker Engine

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/docker/docker-ce"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "19.03.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-13401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-14T16:27:26Z",
    "nvd_published_at": "2020-06-02T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",
  "id": "GHSA-qrrc-ww9x-r43g",
  "modified": "2023-03-02T20:00:40Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13401"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/engine/release-notes"
    },
    {
      "type": "WEB",
      "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202008-15"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200717-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4716"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Input Validation in Docker Engine"
}

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Docker Engine There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202008-15

                                       https://security.gentoo.org/

Severity: Normal Title: Docker: Information disclosure Date: August 26, 2020 Bugs: #729208 ID: 202008-15

Synopsis

A flaw in Docker allowed possible information leakage.

Background

Docker is the world’s leading software containerization platform.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-emulation/docker < 19.03.12 >= 19.03.12

Description

It was found that Docker created network bridges which by default accept IPv6 router advertisements.

Workaround

There is no known workaround at this time.

Resolution

All Docker users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/docker-19.03.12"

References

[ 1 ] CVE-2020-13401 https://nvd.nist.gov/vuln/detail/CVE-2020-13401

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202008-15

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 .

For the stable distribution (buster), this problem has been fixed in version 18.09.1+dfsg1-7.1+deb10u2.

We recommend that you upgrade your docker.io packages.

For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7+KBwACgkQEMKTtsN8 TjbyYBAAg+O+0IgB1qBQyB11lKb7t0MGrqo35/MOnYgQK8jbcqBGPQ0eDAfU9z7R C7ixPlMZvu90S+pXNonfOTCwZQ+UrlSzM6wc2HNI2mjp+BId0rpPtxIqr1hcDNGz IAu+hqxFEZhTu6+olK5qyXCRbz38d2Kg/8uS8YznO6IEvhcAjygnSGRR9EfsaC4R jYMD3tJ8vUgEkJRZmZucicCswqC8WczN8a6fHH6Glbs3eIT2vlFINhFZM8PWQ4E/ vtjf8+JPkfrTe7Y2/SMnBkE082gS1/WjYrKXj8RAMJ2M2Y61O9RdGX+wD3NOwjS0 /6PVf2T9+/QbNAQrQFGcnw3uvsSbSiFgaFGhGuI+DJ6yJfrgXSO1Iis9wrCZ0DlK MLJrDP+u+ZQm7U6GNYNiwBnHocl9s4cYNhTj5QaEM76O51Wt2MVuj4t777W9Zdp9 Jt1lFwHJb1KHizYSxySEp3AJcAcSXv89JA2dxtSdEZGojaPoXouRfXqvybWNu2hP wvpWqYeRHlXw32kpq7xrb1uEMkMBlkh6O/d8JeNpFI/Hd3Cl610JbGIYLhTK5A9w m5q4nGADFF0SDEFQmZEVKFJNIlIQKX7MspdAc7nPBfGWQ8Xhttx4Vag0z6HvSxDS ST2wwG0W5O4NNjr3ibdm6JpEgGcZjWDPgqFSH5UkKgDC712SyUc= =vIL3 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0429",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "sannav",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "docker",
        "version": "19.03.11"
      },
      {
        "model": "engine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "docker",
        "version": "19.03.11"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "19.03.11",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gentoo",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158980"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-13401",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005933",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2020-13401",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "impactScore": 3.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 6.0,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005933",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-13401",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-005933",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-073",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-13401",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Docker Engine There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202008-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Docker: Information disclosure\n     Date: August 26, 2020\n     Bugs: #729208\n       ID: 202008-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA flaw in Docker allowed possible information leakage. \n\nBackground\n==========\n\nDocker is the world\u2019s leading software containerization platform. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/docker        \u003c 19.03.12               \u003e= 19.03.12\n\nDescription\n===========\n\nIt was found that Docker created network bridges which by default\naccept IPv6 router advertisements. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Docker users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulation/docker-19.03.12\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13401\n      https://nvd.nist.gov/vuln/detail/CVE-2020-13401\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202008-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 18.09.1+dfsg1-7.1+deb10u2. \n\nWe recommend that you upgrade your docker.io packages. \n\nFor the detailed security status of docker.io please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/docker.io\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7+KBwACgkQEMKTtsN8\nTjbyYBAAg+O+0IgB1qBQyB11lKb7t0MGrqo35/MOnYgQK8jbcqBGPQ0eDAfU9z7R\nC7ixPlMZvu90S+pXNonfOTCwZQ+UrlSzM6wc2HNI2mjp+BId0rpPtxIqr1hcDNGz\nIAu+hqxFEZhTu6+olK5qyXCRbz38d2Kg/8uS8YznO6IEvhcAjygnSGRR9EfsaC4R\njYMD3tJ8vUgEkJRZmZucicCswqC8WczN8a6fHH6Glbs3eIT2vlFINhFZM8PWQ4E/\nvtjf8+JPkfrTe7Y2/SMnBkE082gS1/WjYrKXj8RAMJ2M2Y61O9RdGX+wD3NOwjS0\n/6PVf2T9+/QbNAQrQFGcnw3uvsSbSiFgaFGhGuI+DJ6yJfrgXSO1Iis9wrCZ0DlK\nMLJrDP+u+ZQm7U6GNYNiwBnHocl9s4cYNhTj5QaEM76O51Wt2MVuj4t777W9Zdp9\nJt1lFwHJb1KHizYSxySEp3AJcAcSXv89JA2dxtSdEZGojaPoXouRfXqvybWNu2hP\nwvpWqYeRHlXw32kpq7xrb1uEMkMBlkh6O/d8JeNpFI/Hd3Cl610JbGIYLhTK5A9w\nm5q4nGADFF0SDEFQmZEVKFJNIlIQKX7MspdAc7nPBfGWQ8Xhttx4Vag0z6HvSxDS\nST2wwG0W5O4NNjr3ibdm6JpEgGcZjWDPgqFSH5UkKgDC712SyUc=\n=vIL3\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "db": "PACKETSTORM",
        "id": "158980"
      },
      {
        "db": "PACKETSTORM",
        "id": "168872"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-13401",
        "trust": 2.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2020/06/01/5",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158980",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2291",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2455",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-13401",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168872",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "PACKETSTORM",
        "id": "158980"
      },
      {
        "db": "PACKETSTORM",
        "id": "168872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "id": "VAR-202006-0429",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2024-02-13T01:56:21.587000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Docker Engine release notes",
        "trust": 0.8,
        "url": "https://docs.docker.com/engine/release-notes/"
      },
      {
        "title": "19.03.11",
        "trust": 0.8,
        "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
      },
      {
        "title": "Docker Engine Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=121128"
      },
      {
        "title": "Debian CVElist Bug Report Logs: docker.io: CVE-2020-13401",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=087e69ea0b29836f02749d216abff19f"
      },
      {
        "title": "Debian Security Advisories: DSA-4716-1 docker.io -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ce0915ae3e47fbdac9f83db65fc23697"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1376",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1376"
      },
      {
        "title": "Amazon Linux 2: ALAS2DOCKER-2021-002",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2docker-2021-002"
      },
      {
        "title": "Amazon Linux 2: ALAS2NITRO-ENCLAVES-2021-002",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2nitro-enclaves-2021-002"
      },
      {
        "title": "CVE-2020-13401 Study",
        "trust": 0.1,
        "url": "https://github.com/mmzaeimi/cve-2020-13401 "
      },
      {
        "title": "CVE-2020-13401 Study",
        "trust": 0.1,
        "url": "https://github.com/mmzaeimi/docker-container-cve-2020-13401 "
      },
      {
        "title": "Awesome Cloud Native Security \ud83d\udc3f",
        "trust": 0.1,
        "url": "https://github.com/reni2study/cloud-native-security2 "
      },
      {
        "title": "Awesome Cloud Native Security \ud83d\udc3f",
        "trust": 0.1,
        "url": "https://github.com/atesemre/awesome-cloud-native-security "
      },
      {
        "title": "Awesome Cloud Native Security \ud83d\udc3f",
        "trust": 0.1,
        "url": "https://github.com/brant-ruan/awesome-cloud-native-security "
      },
      {
        "title": "Awesome Cloud Native Security \ud83d\udc3f",
        "trust": 0.1,
        "url": "https://github.com/metarget/awesome-cloud-native-security "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4716"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202008-15"
      },
      {
        "trust": 1.7,
        "url": "https://docs.docker.com/engine/release-notes/"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13401"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dn4jqaoxbe3xunk3fd423lhe3k74emjt/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kjzlkrcojmoguiji2as27bozs3rbef3k/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13401"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kjzlkrcojmoguiji2as27bozs3rbef3k/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dn4jqaoxbe3xunk3fd423lhe3k74emjt/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158980/gentoo-linux-security-advisory-202008-15.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/6455281"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affects-ibm-infosphere-information-server/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2291/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-spectrum-discover-has-addressed-multiple-security-vulnerabilities-cve-2020-13401-cve-2019-20372-2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-docker-vulnerability-cve-2020-13401/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-docker-affects-cloud-pak-sytem-cve-2020-13401/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2455/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/docker-engine-man-in-the-middle-via-ipv6-router-advertisement-32394"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-13401"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-docker-vulnerability-affects-ibm-spectrum-protect-plus-cve-2020-13401/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/mmzaeimi/cve-2020-13401"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/docker.io"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "PACKETSTORM",
        "id": "158980"
      },
      {
        "db": "PACKETSTORM",
        "id": "168872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "db": "PACKETSTORM",
        "id": "158980"
      },
      {
        "db": "PACKETSTORM",
        "id": "168872"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "date": "2020-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "date": "2020-08-27T15:24:35",
        "db": "PACKETSTORM",
        "id": "158980"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168872"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      },
      {
        "date": "2020-06-02T14:15:10.770000",
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-13401"
      },
      {
        "date": "2020-06-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      },
      {
        "date": "2023-03-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      },
      {
        "date": "2023-11-07T03:16:40.040000",
        "db": "NVD",
        "id": "CVE-2020-13401"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Docker Engine Input verification vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005933"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-073"
      }
    ],
    "trust": 0.6
  }
}

cve-2020-13401

Vulnerability from fkie_nvd

Published

2020-06-02 14:15

Modified

2024-11-21 05:01

Severity ?

6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html	Broken Link
cve@mitre.org	http://www.openwall.com/lists/oss-security/2020/06/01/5	Mailing List, Third Party Advisory
cve@mitre.org	https://docs.docker.com/engine/release-notes/	Release Notes, Vendor Advisory
cve@mitre.org	https://github.com/docker/docker-ce/releases/tag/v19.03.11	Release Notes, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/
cve@mitre.org	https://security.gentoo.org/glsa/202008-15	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20200717-0002/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4716	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/06/01/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.docker.com/engine/release-notes/	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/docker/docker-ce/releases/tag/v19.03.11	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202008-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200717-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4716	Third Party Advisory

Impacted products

Vendor	Product	Version
docker	engine	*
fedoraproject	fedora	31
fedoraproject	fedora	32
debian	debian_linux	10.0
broadcom	sannav	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8733F530-515F-4F65-AE90-8C8824C22F4C",
              "versionEndExcluding": "19.03.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede dise\u00f1ar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener informaci\u00f3n confidencial o causar una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2020-13401",
  "lastModified": "2024-11-21T05:01:11.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-02T14:15:10.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.docker.com/engine/release-notes/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.docker.com/engine/release-notes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4716"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-13401

Vulnerability from cvelistv5

gsd-2020-13401

Vulnerability from gsd

ghsa-qrrc-ww9x-r43g

Vulnerability from github

var-202006-0429

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

cve-2020-13401

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature