PT-2016-7599 · Docker+1 · Docker Engine+2

Published

2016-10-28

Updated

2025-10-11

CVE-2016-8867

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Docker Engine version 1.12.2

Description The issue allows malicious images to bypass user permissions and access files within the container filesystem or mounted volumes due to misconfigured capability policies.

Recommendations For Docker Engine version 1.12.2, consider disabling ambient capabilities until a proper configuration or patch is available to prevent malicious images from bypassing user permissions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-8867

OPENSUSE-SU-2024:10532-1

OPENSUSE-SU-2025:15589-1

RHSA-2020:2653

SUSE-SU-2016:3084-1

SUSE-SU-2016_3084-1

SUSE-SU-2025:03540-1

SUSE-SU-2025:03545-1

Affected Products

Docker

Docker Engine

Suse

PT-2016-7599 · Docker+1 · Docker Engine+2

CVE-2016-8867

Weakness Enumeration

Related Identifiers

Affected Products

References · 257