CVE-2016-8867

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

EPSS Score percentile: 60%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| docker | docker | 1.12.2 |

Debian Releases
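
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| docker.io | bookworm | 20.10.24+dfsg1-1 | fixed |
| docker.io | bullseye | 20.10.5+dfsg1-1+deb11u2 | fixed |
| docker.io | bullseye (security) | 20.10.5+dfsg1-1+deb11u3 | fixed |
| docker.io | sid | 26.1.5+dfsg1-4 | fixed |
| docker.io | trixie | 26.1.5+dfsg1-4 | fixed |
| runc | bookworm | 1.1.5+ds1-1+deb12u1 | fixed |
| runc | bookworm (security) | 1.1.5+ds1-1+deb12u1 | fixed |
| runc | bullseye | 1.0.0~rc93+ds1-5+deb11u5 | fixed |
| runc | bullseye (security) | 1.0.0~rc93+ds1-5+deb11u3 | fixed |
| runc | sid | 1.1.15+ds1-1 | fixed |
| runc | trixie | 1.1.12+ds1-5.1 | fixed |
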
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| docker | suse enterprise sap 12 | 1.12.3-81.2 | fixed |
| docker | suse enterprise sap 12 SP3 | 1.12.3-81.2 | fixed |
| docker | suse enterprise sap 12 SP4 | 1.12.3-81.2 | fixed |
| docker | suse enterprise sap 12 SP5 | 1.12.3-81.2 | fixed |
| docker | suse enterprise server 12 | 1.12.3-81.2 | fixed |
| docker | suse enterprise server 12 SP3 | 1.12.3-81.2 | fixed |
| docker | suse enterprise server 12 SP4 | 1.12.3-81.2 | fixed |
| docker | suse enterprise server 12 SP5 | 1.12.3-81.2 | fixed |

Common Weakness Enumeration