CVE-2018-12608

{"id": "CVE-2018-12608", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-09-10T17:29:00.287", "references": [{"url": "https://github.com/moby/moby/pull/33182", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/moby/moby/pull/33182", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate."}, {"lang": "es", "value": "Se ha descubierto un problema en Docker Moby, en versiones anteriores a la 17.06.0. EL motor Docker valid\u00f3 el certificado TLS del cliente mediante el certificado root del CA del cliente configurado y todos los roots del sistema en sistemas que no son Windows. Esto permiti\u00f3 que un cliente con cualquier certificado de dominio validado por una CA root en la que conf\u00eda el sistema (al contrario que otro firmado por la CA root configurada) para autenticarse"}], "lastModified": "2024-11-21T03:45:32.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "779519D6-D1A3-464C-9ECD-601E87099FFD", "versionEndExcluding": "17.06.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}