HIGH🇬🇧 English

CVE-2018-12608

CVSS 7.5v3.0pub. 2018-09-10upd. 2024-11-21

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Mobyproject Moby

    APP
    Mobyproject
    < 17.06.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2026-42306HIGH7.2ten sam produkt

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 2...

CVE-2024-36623HIGH8.1ten sam produkt

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to tr...

CVE-2023-28840HIGH7.5ten sam produkt

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Co...

CVE-2026-41568MEDIUM6.1ten sam produkt

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 2...

CVE-2025-54388MEDIUM5.1ten sam produkt

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mira...

CVE-2018-12608 — HIGH 7.5 | CVEbaza.pl