CVE-2019-0204 – org.apache.mesos:mesos

Package

Manager: maven
Name: org.apache.mesos:mesos
Vulnerable Version: >=0 <1.4.3 || >=1.5.0 <1.5.3 || >=1.6.0 <1.6.2 || >=1.7.0 <1.7.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00258 pctl0.48981

Details

Docker image code execution with Apache Mesos A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

Metadata

Created: 2022-05-13T01:04:24Z
Modified: 2022-11-01T23:33:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-32w9-2qpc-5f9v/GHSA-32w9-2qpc-5f9v.json
CWE IDs: []
Alternative ID: GHSA-32w9-2qpc-5f9v
Finding: F159
Auto approve: 1