Critical severityNVD Advisory· Published Jul 23, 2025· Updated Apr 15, 2026
CVE-2017-20198
CVE-2017-20198
Description
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- dcos.ionvd
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dcos_marathon.rbnvd
- web.archive.org/web/20230609134421/https://warroom.rsmus.com/dcos-marathon-compromise/nvd
- www.exploit-db.com/exploits/42134nvd
- www.vulncheck.com/advisories/dcos-marathon-docker-mount-abuse-rcenvd
News mentions
0No linked articles in our index yet.