[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-15664Date: (C)2019-06-17   (M)2024-02-09


In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 6.2
Exploit Score: 0.8Exploit Score: 1.9
Impact Score: 6.0Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: HIGHAccess Complexity: HIGH
Privileges Required: LOWAuthentication: NONE
User Interaction: REQUIREDConfidentiality: COMPLETE
Scope: CHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-108507
RHSA-2019:1910
USN-4048-1
http://www.openwall.com/lists/oss-security/2019/05/28/1
http://www.openwall.com/lists/oss-security/2019/08/21/1
https://access.redhat.com/security/cve/cve-2018-15664
https://bugzilla.suse.com/show_bug.cgi?id=1096726
https://github.com/moby/moby/pull/39252
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664
openSUSE-SU-2019:1621
openSUSE-SU-2019:2044

CWE    1
CWE-362
OVAL    10
oval:org.secpod.oval:def:1601024
oval:org.secpod.oval:def:89050728
oval:org.secpod.oval:def:1504086
oval:org.secpod.oval:def:1902133
...

© SecPod Technologies