CVE-2019-0204

Summary

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

Affected Software

VendorProductVersion RangeStatus
ApacheApache Mesospre-1.4.xaffected
ApacheApache Mesos1.4.0 to 1.4.2affected
ApacheApache Mesos1.5.0 to 1.5.2affected
ApacheApache Mesos1.6.0 to 1.6.1affected
ApacheApache Mesos1.7.0 to 1.7.1affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References