PT-2020-16700 · Docker · Docker Engine
Published 2020-12-30 · Updated 2024-01-31 · CVE-2020-27534
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Docker Engine versions prior to 19.03.9
Description
The issue arises from the util/binfmt_misc/check.go file in the Builder component of Docker Engine, where it calls os.OpenFile with a potentially unsafe temporary pathname for qemu-check. This pathname is constructed using an empty first argument in an ioutil.TempDir call; with an empty first argument, ioutil.TempDir creates the directory under the system default temporary directory (os.TempDir).
Recommendations
For Docker Engine versions prior to 19.03.9, update to version 19.03.9 or later to resolve the issue.
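A defensive pattern for the temporary-file handling described above, as an added Go example; it is not Docker Engine code and not the upstream fix. The helper name `writePrivateTemp` and the caller-supplied private root directory are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// writePrivateTemp is a hypothetical helper (not Docker code). It writes data
// to <root>/<prefix>NNN/<name> and returns the path of the file it created.
func writePrivateTemp(root, prefix, name string, data []byte) (string, error) {
	// An empty dir argument makes TempDir/MkdirTemp fall back to os.TempDir(),
	// i.e. $TMPDIR or /tmp, which is typically world-writable.
	if root == "" {
		return "", errors.New("refusing to use the system temp directory")
	}
	fi, err := os.Lstat(root) // Lstat: a symlinked root is not followed
	if err != nil {
		return "", err
	}
	if !fi.IsDir() || fi.Mode().Perm()&0o022 != 0 {
		return "", fmt.Errorf("%s must be a real directory not writable by group/other", root)
	}
	dir, err := os.MkdirTemp(root, prefix) // successor of ioutil.TempDir, mode 0700
	if err != nil {
		return "", err
	}
	path := filepath.Join(dir, name)
	// O_EXCL fails if the name already exists, including as a symlink,
	// so a pre-planted file is never opened or truncated.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o700)
	if err != nil {
		os.RemoveAll(dir)
		return "", err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		os.RemoveAll(dir)
		return "", err
	}
	return path, f.Close()
}

func main() {
	// Demo only: constructed stand-in for a daemon-owned 0700 directory.
	root, _ := os.MkdirTemp("", "demo-root")
	defer os.RemoveAll(root)
	fmt.Println(writePrivateTemp(root, "qemu-check", "check", []byte("constructed payload")))
	fmt.Println(writePrivateTemp("", "qemu-check", "check", nil))
}
```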
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Docker
Docker Engine