{
  "threat_severity" : "Low",
  "public_date" : "2015-10-13T00:00:00Z",
  "bugzilla" : {
    "description" : "docker: Attacker controlled layer IDs lead to local graph content poisoning",
    "id" : "1271253",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1271253"
  },
  "cvss" : {
    "cvss_base_score" : "1.2",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:N/I:P/A:N",
    "status" : "draft"
  },
  "details" : [ "Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands." ],
  "statement" : "This issue is exploitable by malicious Docker images. Red Hat supports images from it's own registry, ISV images certified by the Red Hat certification program, and images using qualified customer content.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "docker",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8178\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8178" ],
  "name" : "CVE-2014-8178",
  "csaw" : false
}