Closed
Description
In GitHub Security Advisory GHSA-8fvr-5rqf-3wwh, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/moby/moby | 1.6.1 | >= 1.6.0, < 1.6.1 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/moby/moby
versions:
- introduced: 1.6.0
fixed: 1.6.1
description: Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound,
(2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows
local users to modify the host, obtain sensitive information, and perform protocol
downgrade attacks via a crafted image.
published: 2022-02-15T01:57:18Z
last_modified: 2022-04-12T22:39:05Z
cves:
- CVE-2015-3630
ghsas:
- GHSA-8fvr-5rqf-3wwh
links:
context:
- https://github.com/advisories/GHSA-8fvr-5rqf-3wwh