CVE-2017-20198
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dcos | marathon | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Marathon UI of DC/OS versions prior to 1.9.0, where unauthenticated users can deploy arbitrary Docker containers. Due to improper restrictions on volume mount configurations, an attacker can deploy a container that mounts the host's root filesystem with read/write privileges. By using a malicious Docker image, the attacker can write to critical system directories like /etc/cron.d/ on the host, enabling arbitrary code execution with root privileges.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to gain root-level code execution on the host system by deploying malicious Docker containers through the Marathon UI without authentication. This can lead to full system compromise, unauthorized access, data manipulation, and potential disruption of services running on the affected system.