Red Hat Bugzilla – Bug 1168436
CVE-2014-5282 docker: tagging image to ID can redirect images on subsequent pulls
Last modified: 2015-07-31 03:30:51 EDT
From the upstream report :
[CVE-2014-5282] Tagging image to ID can redirect images on subsequent pulls
Affects: Docker 1.2 and lower
It has been discovered that users of the Docker Remote API and CLI could cause one image repository, upon pull, to redirect to the content of another image. This is vulnerability affects all versions of Docker up to, but excluding version 1.3.
The primary vector for an attack is by loading of untrusted images via ‘docker load’. Images downloaded from DockerHub or private registries cannot exploit this vulnerability.
It is recommended that users upgrade to Docker engine 1.3.
Users of older releases of docker are advised not to load untrusted images via ‘docker load’. Vendors supporting older releases of Docker should assure they do not allow untrusted tenants to provide images for import with ‘docker load’, or tag images to arbitrary names equal to 64-characters containing characters within the range of [0-9a-f].
Discovered by Eric Windisch of Docker, Inc.