5

CVSS Score

Basic Information

CVE ID

CVE-2014-6408

GHSA ID

GHSA-44gg-pmqr-4669

EPSS Score

0.81232%

CWE

CWE-285

Published

2/15/2022

Updated

1/9/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-6408

CVE-2014-6408: Access Restriction Bypass in Docker

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

(GitHub Advisory)

5

CVSS Score

Basic Information

CVE ID

CVE-2014-6408

GHSA ID

GHSA-44gg-pmqr-4669

EPSS Score

0.81232%

CWE

CWE-285

Published

2/15/2022

Updated

1/9/2023

KEV Status

Technology

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/docker/docker	go	>= 1.3.0, < 1.3.2	1.3.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from Docker processing security options (SecurityOpt) from image configurations (Config struct) rather than runtime configurations (HostConfig). The commit diff shows SecurityOpt was moved from Config to HostConfig, and parseSecurityOpt() was modified to accept HostConfig. Previously, when parseSecurityOpt() was called during container initialization (via newContainer()) using the image's Config, attackers could embed malicious SecurityOpt in images. By moving SecurityOpt handling to HostConfig (runtime settings) and invoking parseSecurityOpt() later in setHostConfig(), the patch ensured security options are controlled by the user/administrator, not the image.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*o*k*r *.*.* t*rou** *.*.* *llows r*mot* *tt**k*rs to mo*i*y t** ****ult run pro*il* o* im*** *ont*in*rs *n* possi*ly *yp*ss t** *ont*in*r *y *pplyin* unsp**i*i** s**urity options to *n im***.

Reasoning

T** vuln*r**ility st*mm** *rom *o*k*r pro**ssin* s**urity options (S**urityOpt) *rom im*** *on*i*ur*tions (*on*i* stru*t) r*t**r t**n runtim* *on*i*ur*tions (*ost*on*i*). T** *ommit *i** s*ows `S**urityOpt` w*s mov** *rom `*on*i*` to `*ost*on*i*`, *n

5

Basic Information

Concerned about an active attack path?

CVE-2014-6408: Access Restriction Bypass in Docker

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI