PT-2018-4262 · Docker · Boot2Docker
Published: 2018-02-06 · Updated: 2020-01-30 · CVE-2014-5280
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
boot2docker versions 1.2 and earlier
Description
The issue allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons that have TCP connections enabled without TLS authentication.
Recommendations
For boot2docker versions 1.2 and earlier, consider disabling TCP connections or enabling TLS authentication for Docker daemons to prevent CSRF attacks.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Boot2Docker