@giladreti - actually I have thought about this some more and consulted with others and we feel that the most appropriate CVSS vector would be: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
ie. compared to my previous post above I have changed the following:
Attack Vector: Local since if you have a docker container already executing that you have control of (as the attacker) then this is local access.
Privilege Required: Low - since this does not need to be a privileged docker container but it does need some privileges so that it is actually runnning etc
@giladreti - actually I have thought about this some more and consulted with others and we feel that the most appropriate CVSS vector would be: CVSS:3. 1/AV:L/ AC:L/PR: L/UI:N/ S:C/C:H/ I:H/A:H
ie. compared to my previous post above I have changed the following:
Attack Vector: Local since if you have a docker container already executing that you have control of (as the attacker) then this is local access.
Privilege Required: Low - since this does not need to be a privileged docker container but it does need some privileges so that it is actually runnning etc
this gives a CVSS base score of 8.8