CVE-2020-14298 — HIGH (8.8)

Q: How severe is CVE-2020-14298?

CVE-2020-14298 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14298?

Check the references section above for vendor advisories and patch information. Affected products include: Docker Docker, Redhat Openshift Container Platform, Redhat Enterprise Linux Server.

Vulnerability Description

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Docker	Docker	1.13.1
Redhat	Openshift Container Platform	>= 3.0, <= 3.7.61
Redhat	Enterprise Linux Server	7.0

Related Weaknesses (CWE)

CWE-273

References

https://access.redhat.com/errata/RHBA-2020:0427Vendor Advisory
https://access.redhat.com/security/cve/CVE-2020-14298Vendor Advisory
https://access.redhat.com/security/vulnerabilities/runcescapeVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736Issue TrackingPatchVendor Advisory
https://access.redhat.com/errata/RHBA-2020:0427Vendor Advisory
https://access.redhat.com/security/cve/CVE-2020-14298Vendor Advisory
https://access.redhat.com/security/vulnerabilities/runcescapeVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736Issue TrackingPatchVendor Advisory

FAQ

What is CVE-2020-14298?

CVE-2020-14298 is a vulnerability with a CVSS score of 8.8 (HIGH). The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed ...

How severe is CVE-2020-14298?

CVE-2020-14298 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14298?

Check the references section above for vendor advisories and patch information. Affected products include: Docker Docker, Redhat Openshift Container Platform, Redhat Enterprise Linux Server.