PT-2019-11188 · Apache · Apache Mesos

Gilbert Song

Published

2019-03-25

Updated

2022-05-13

CVE-2019-0204

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache Mesos versions prior to 1.4.x Apache Mesos versions 1.4.0 through 1.4.2 Apache Mesos versions 1.5.0 through 1.5.2 Apache Mesos versions 1.6.0 through 1.6.1 Apache Mesos versions 1.7.0 through 1.7.1

Description: A malicious actor can gain root-level code execution on the host by overwriting the init helper binary of the container runtime and/or the command executor in Apache Mesos using a specifically crafted Docker image running under the root user.

Recommendations: For versions prior to 1.4.x, update to a version newer than 1.4.x. For versions 1.4.0 through 1.4.2, update to a version newer than 1.4.2. For versions 1.5.0 through 1.5.2, update to a version newer than 1.5.2. For versions 1.6.0 through 1.6.1, update to a version newer than 1.6.1. For versions 1.7.0 through 1.7.1, update to a version newer than 1.7.1.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-0204

GHSA-32W9-2QPC-5F9V

Affected Products

Apache Mesos

PT-2019-11188 · Apache · Apache Mesos

CVE-2019-0204

Related Identifiers

Affected Products

References · 7