CVE-2022-37708: Incorrect Permission Assignment for Critical Resource

January 31, 2023 (updated March 9, 2023)

Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container.

References

github.com/orgs/docker/repositories
github.com/thekevinday/docker_lightman_exploit
nvd.nist.gov/vuln/detail/CVE-2022-37708
www.docker.com/

Detect and mitigate CVE-2022-37708 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →