CVE-2018-15664

Published May 23, 2019
Last updated 5 years ago
CVSS high 7.5
Overview

Description: In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 6
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.2
Impact score: 10
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-362
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03ED214E-B35E-4269-AB60-DC153D84A7EA"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23DC417C-741C-4B54-AC05-695266F837BC"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA9CEEEF-FA4C-466B-B06A-409B412911CE"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D56B684-9D21-456D-AEAF-681FE4AF34DC"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc4:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC3E4B6-3D75-408D-B3CD-0E5FC83DC303"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc5:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BA3AC1D-E044-4F3F-A880-9D57E6247D3E"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADFFCF49-C72C-4122-8035-D56FBDF36EF3"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A07F31B1-0471-4496-98E8-3D50D62A9376"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "157499DF-2A7E-4615-9F6B-383F998D45D1"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "426A1B51-9C0C-4E2E-AD7B-F2C9C2F90DC0"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc4:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA3C59E2-4528-498B-B77A-CCDB9E1F2EC3"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.2-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF0BFEAD-83C4-43C3-AF7F-B07E623027CA"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.06.2-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90446BD3-E1E0-4FF0-8617-635C1428206C"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "346B183E-B29A-4D11-A5EB-B4263AE2A930"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E3245D9-EE7C-48C6-ADA7-D09BAC758335"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06067BD7-BF28-4C3C-8AA4-33AE91D1A08D"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AA91357-976E-4E58-933F-3B5053E44AD6"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc4:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08DBC6A3-AFC6-4D34-B2C6-E7557A9BAC55"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CDFF197-1317-4E9A-89AC-42A347E92CB0"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBA8D554-BA26-4440-83C1-623B02B9378A"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "444F283F-E95D-4885-88E9-552846EB34B4"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0C3E0C2-B036-49CE-99DF-7243AFFD23D5"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.1-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "443E631B-4D7D-4C45-8A64-6C98DD18D286"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.09.1-ce-:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDE4D9DF-794E-4ACB-88D4-866F1D333B72"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3332E705-364B-4CFE-8EFE-791191DD6D92"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB5190C1-B7B3-4CA5-8B04-7C4C29952687"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7926C680-46ED-49FE-9000-A2CCD61CF6EF"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7C29495-0403-4D11-9687-249DCD60536B"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CFCE477-6B5C-43B2-BA05-2D4B8C18168A"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62A4CEB1-4053-4508-9FE7-0D23A61CEE64"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3BC6153-1036-4A2B-8E6B-CCCBE9866641"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc4:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB4E8414-1B6C-457E-8C1D-19D962FEF212"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4FE190B-896E-4CFD-AD14-B8F990F6C2D4"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03558F57-4DB4-42A1-8FFF-E32455F14D43"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD7FE2CE-D564-4B0F-A86C-3D9D8ADB4209"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE6482EC-8B28-4EBA-8D31-444AF20CDF45"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc4:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B6895B8-84E0-4796-9BE6-F560F78B6F09"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2476F29C-9011-4040-B45B-ABEA9D9B989A"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA34377A-7FAF-489F-967C-592F4DDAA395"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5981E01-90F2-4950-BDCC-049B8CF11BF7"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.01.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A67CC6A-5DFF-4EC8-AD89-CBE61D5B1E86"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.01.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "417A41D1-95F5-4F11-A84A-80EFB5470FDB"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6EFF14F-CD0B-4AC6-95F8-AEAAE0AFC9F5"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "749D44D3-0800-452D-B617-16533AFCDB9E"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFDB4066-4966-45DA-886B-83B4DA10E5DC"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A632A32E-83CC-4643-A92E-4B853772B1E5"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74447A87-49F6-40E9-B42B-4DD10915FD5F"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "850F9B89-B19C-4334-B188-ED9B30E4858F"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC41D120-BB84-497B-8E14-4242DA34336B"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc4:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3A6BC7B-16B3-4C38-884F-F3D58D02DCB0"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76C71530-639E-4E9A-B74F-0D046E0F1A35"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1C17446-B119-483F-8BB2-80DBE1CD28C4"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5DEED51-DDC3-40CA-8FDA-59462492BEA7"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF279FD4-58D4-4272-AC14-DE9D79D88BE9"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "749AA8E0-2F98-424C-9A0D-9F91987F3A5F"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5C31E97-B350-457C-9EBE-CD9DEC94D818"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.05.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE28CE42-3EB2-4032-BEE6-C87C65551B94"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.05.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2704A6EF-A030-4B3F-8160-EE1F4B401E8D"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18C4AB1B-79B0-4F1B-A80D-B4F16C49BFF7"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A48C808D-7B04-457F-9724-1694696773CE"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D20E4F37-3E9E-4A42-8E6A-7888776B2C5B"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc3:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CBB326E-A337-4047-B332-E12EB6F00E1F"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.06.1-ce:rc1:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2A1AE6D-371D-4876-90B7-0B8D62D5AFB5"
          },
          {
            "criteria": "cpe:2.3:a:docker:docker:18.06.1-ce:rc2:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2AF3BE5-8C7B-4F4C-A381-59DFF1B5233A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
