Approved changes feed: RSS · Atom
cpe:2.3:a:amirraminfar:dozzle:*:*:*:*:*:docker:*:*
part: a version: * update: *
| Vendor | Amirraminfar (151ac8df-b302-54b9-8738-bb445f6af835) |
|---|---|
| Product | Dozzle (b3ef126c-37eb-54b7-b6db-10b76154abea) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | docker |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-24740 |
vulnerable | 2026-06-08 07:51:18.103213 |
Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `env=prod`) on the same agent host by directly targeting their container IDs. Version 9.0.3 contains a patch for the issue.
Published: 2026-01-27T20:59:05.656Z
Updated: 2026-01-28T21:16:44.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47182 |
vulnerable | 2026-06-08 06:48:11.551844 |
Dozzle uses unsafe hash for passwords
MEDIUM (4.8)
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
Published: 2024-09-27T13:58:22.881Z
Updated: 2024-09-27T14:13:09.811Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.