CVE-2019-0204
Last modified
CVE-2019-0204 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.. EPSS estimates a 2.71% chance of exploitation in the next 30 days.
Description
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | Mesos | >= 1.4.0, < 1.4.3 | — |
| Apache | Mesos | >= 1.5.0, < 1.5.3 | — |
| Apache | Mesos | >= 1.6.0, < 1.6.2 | — |
| Apache | Mesos | >= 1.7.0, < 1.7.2 | — |
| Apache | Mesos | 1.8.0 | Dev |
| Redhat | Fuse | 7.5.0 | — |
References
- http://www.securityfocus.com/bid/107605Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
- http://www.securityfocus.com/bid/107605Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-0204?
How severe is CVE-2019-0204?
How do I fix CVE-2019-0204?
Are you affected by CVE-2019-0204?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST