CNNVD-202507-3014 Information

CNNVD ID

CNNVD-202507-3014

CVE-2017-20198

  • CNNVD Published: 2025-07-23

Description (Chinese)

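D2iQ DC/OS Marathon is a native task scheduler from D2iQ, a company based in the United States. Versions of D2iQ DC/OS Marathon before 1.9.0 contain a security vulnerability that stems from insufficient restrictions on volume mount configuration and may allow arbitrary Docker containers to be deployed.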

Description (English)

D2iQ DC/OS Marathon is a native task scheduler from the US company D2iQ. D2iQ DC/OS Marathon versions prior to 1.9.0 have a security vulnerability caused by inadequate restrictions on volume mount configuration, which could lead to the deployment of arbitrary Docker containers.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

D2iQ

Published

2025-07-23

Last Modified

2026-02-24

References

  • https://dcos.io/
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/
  • https://warroom.rsmus.com/dcos-marathon-compromise/
  • https://web.archive.org/web/20230609134421/
  • https://www.exploit-db.com/exploits/42134
  • https://www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rce

Patch

https://dcos.io/releases/
