What is CVE-2019-0204?

CVE-2019-0204 is a vulnerability in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1 that allows a malicious actor to gain root access to the system.

How severe is CVE-2019-0204?

CVE-2019-0204 is classified as critical with a severity score of 8.8 out of 10.

How do I check if my system is affected by CVE-2019-0204?

To check if your system is affected by CVE-2019-0204, verify if you have Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, or 1.7.0 to 1.7.1 installed.

How can I fix CVE-2019-0204?

To fix CVE-2019-0204, update your Apache Mesos to version 1.4.3, 1.5.3, 1.6.2, 1.7.2, or 1.8.0, depending on your currently installed version.

Where can I find more information about CVE-2019-0204?

For more information about CVE-2019-0204, you can refer to the following references: - [CVE-2019-0204 on the Apache Mesos mailing list](https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E) - [CVE-2019-0204 on Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1692756) - [Red Hat Security Advisory RHSA-2019:3892](https://access.redhat.com/errata/RHSA-2019:3892)

Vulnerability/
CVE-2019-0204

critical

9.3

CWE

250

23/3/2019

25/3/2019

4/8/2024

CVE-2019-0204

First published: Sat Mar 23 2019(Updated: )

A flaw was found in Docker image running under root user, where it is possible to overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache Mesos	>=1.4.0<1.4.3
Apache Mesos	>=1.6.0<1.6.2
Apache Mesos	>=1.7.0<1.7.2
Apache Mesos	=1.8.0-dev
Redhat Fuse	=7.5.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2019:3892

Frequently Asked Questions

What is CVE-2019-0204?
CVE-2019-0204 is a vulnerability in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1 that allows a malicious actor to gain root access to the system.
How severe is CVE-2019-0204?
CVE-2019-0204 is classified as critical with a severity score of 8.8 out of 10.
How do I check if my system is affected by CVE-2019-0204?
To check if your system is affected by CVE-2019-0204, verify if you have Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, or 1.7.0 to 1.7.1 installed.
How can I fix CVE-2019-0204?
To fix CVE-2019-0204, update your Apache Mesos to version 1.4.3, 1.5.3, 1.6.2, 1.7.2, or 1.8.0, depending on your currently installed version.
Where can I find more information about CVE-2019-0204?
For more information about CVE-2019-0204, you can refer to the following references: - [CVE-2019-0204 on the Apache Mesos mailing list](https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E) - [CVE-2019-0204 on Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1692756) - [Red Hat Security Advisory RHSA-2019:3892](https://access.redhat.com/errata/RHSA-2019:3892)

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
agent/severity
agent/weakness
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-0204
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/tags
agent/event
agent/description
agent/trending
vendor/apache
canonical/apache mesos
version/apache mesos/1.4.0
version/apache mesos/1.5.0
version/apache mesos/1.6.0
version/apache mesos/1.7.0
version/apache mesos/1.8.0-dev
vendor/redhat
canonical/redhat fuse
version/redhat fuse/7.5.0
package-manager/redhat