Share
## https://sploitus.com/exploit?id=8DF4117A-0CBF-5767-BEB0-31D3E0375D32
# CVE Docker Lab

A collection of Docker-based reproduction environments for the most impactful CVEs from 2021โ€“2026. Each lab includes a vulnerable environment, PoC exploit, and a detailed analysis document.

> **Disclaimer:** This repository is strictly for **educational and research purposes**. All labs are designed to run locally in isolated Docker containers. Never use these exploits against systems you do not own or have explicit written permission to test.

---

## Requirements

- Docker Engine 20.x+
- Docker Compose v2+
- Python 3.8+ (for PoC scripts)
- 20GB+ free disk space

See [docs/setup.md](docs/setup.md) for installation instructions.

---

## Quick Start

```bash
# Start a specific CVE lab
./scripts/up.sh log4j/CVE-2021-44228

# Or manually
cd log4j/CVE-2021-44228
docker compose up -d

# Clean up all running labs
./scripts/cleanup.sh
```

---

## CVE Index

### RCE (Remote Code Execution)

| Priority | CVE | Software | Mechanism | CVSS | Difficulty |
|----------|-----|----------|-----------|------|------------|
| 1 | [CVE-2021-44228](log4j/CVE-2021-44228/) | Apache Log4j | JNDI Injection (Log4Shell) | 10.0 | Medium |
| 2 | [CVE-2021-41773](apache-httpd/CVE-2021-41773/) | Apache HTTP Server | Path Traversal โ†’ RCE | 9.8 | Easy |
| 3 | [CVE-2022-22965](spring/CVE-2022-22965/) | Spring Framework | Data Binding (Spring4Shell) | 9.8 | Medium |
| 4 | [CVE-2021-26084](confluence/CVE-2021-26084/) | Atlassian Confluence | OGNL Injection | 9.8 | Medium |
| 5 | [CVE-2022-26134](confluence/CVE-2022-26134/) | Atlassian Confluence | OGNL Injection | 9.8 | Medium |
| 6 | [CVE-2022-42889](text4shell/CVE-2022-42889/) | Apache Commons Text | Variable Interpolation (Text4Shell) | 9.8 | Medium |
| 7 | [CVE-2023-46604](activemq/CVE-2023-46604/) | Apache ActiveMQ | OpenWire RCE | 10.0 | Medium |
| 8 | [CVE-2023-22527](confluence/CVE-2023-22527/) | Atlassian Confluence | SSTI (FreeMarker) | 10.0 | Medium |

### LPE (Local Privilege Escalation)

| Priority | CVE | Software | Mechanism | CVSS | Difficulty |
|----------|-----|----------|-----------|------|------------|
| 9 | [CVE-2022-0847](linux-kernel/CVE-2022-0847/) | Linux Kernel | Dirty Pipe | 7.8 | Hard |
| 10 | [CVE-2021-4034](linux-kernel/CVE-2021-4034/) | Polkit (pkexec) | PwnKit | 7.8 | Medium |

### Auth Bypass

| Priority | CVE | Software | Mechanism | CVSS | Difficulty |
|----------|-----|----------|-----------|------|------------|
| 12 | [CVE-2024-1709](connectwise/CVE-2024-1709/) | ConnectWise ScreenConnect | Path Traversal Auth Bypass | 10.0 | Medium |

### Supply Chain

| Priority | CVE | Software | Mechanism | CVSS | Difficulty |
|----------|-----|----------|-----------|------|------------|
| 11 | [CVE-2024-3094](xz-utils/CVE-2024-3094/) | XZ Utils | Backdoor in liblzma | 10.0 | Hard |

---

## Repository Structure

```
CVE/
โ”œโ”€โ”€ README.md
โ”œโ”€โ”€ docs/
โ”‚   โ”œโ”€โ”€ TEMPLATE.md         # CVE analysis document template
โ”‚   โ”œโ”€โ”€ setup.md            # Docker environment setup guide
โ”‚   โ””โ”€โ”€ categories.md       # Vulnerability type index
โ”œโ”€โ”€ scripts/
โ”‚   โ”œโ”€โ”€ up.sh               # Start a specific CVE lab
โ”‚   โ””โ”€โ”€ cleanup.sh          # Stop all running labs
โ”œโ”€โ”€ log4j/CVE-2021-44228/
โ”œโ”€โ”€ apache-httpd/CVE-2021-41773/
โ”œโ”€โ”€ spring/CVE-2022-22965/
โ”œโ”€โ”€ confluence/
โ”‚   โ”œโ”€โ”€ CVE-2021-26084/
โ”‚   โ”œโ”€โ”€ CVE-2022-26134/
โ”‚   โ””โ”€โ”€ CVE-2023-22527/
โ”œโ”€โ”€ text4shell/CVE-2022-42889/
โ”œโ”€โ”€ activemq/CVE-2023-46604/
โ”œโ”€โ”€ linux-kernel/
โ”‚   โ”œโ”€โ”€ CVE-2022-0847/
โ”‚   โ””โ”€โ”€ CVE-2021-4034/
โ”œโ”€โ”€ xz-utils/CVE-2024-3094/
โ””โ”€โ”€ connectwise/CVE-2024-1709/
```

---

## Contributing

See [docs/TEMPLATE.md](docs/TEMPLATE.md) for the standard structure when adding a new CVE lab.