CVE-2019-13139

EUVD-2019-4672
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
dockerdocker
𝑥
< 18.09.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
docker.io
bookworm
20.10.24+dfsg1-1
fixed
bullseye
20.10.5+dfsg1-1+deb11u2
fixed
bullseye (security)
20.10.5+dfsg1-1+deb11u3
fixed
sid
26.1.5+dfsg1-4
fixed
trixie
26.1.5+dfsg1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
docker.io
bionic
not-affected
disco
not-affected
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2019:3092
https://docs.docker.com/engine/release-notes/#18094
https://github.com/moby/moby/pull/38944
https://seclists.org/bugtraq/2019/Sep/21
https://security.netapp.com/advisory/ntap-20190910-0001/
https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
https://www.debian.org/security/2019/dsa-4521
https://access.redhat.com/errata/RHBA-2019:3092
https://docs.docker.com/engine/release-notes/#18094
https://github.com/moby/moby/pull/38944
https://seclists.org/bugtraq/2019/Sep/21
https://security.netapp.com/advisory/ntap-20190910-0001/
https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
https://www.debian.org/security/2019/dsa-4521