CVE-2018-15664

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html

http://www.openwall.com/lists/oss-security/2019/05/28/1

http://www.openwall.com/lists/oss-security/2019/08/21/1

http://www.securityfocus.com/bid/108507

https://access.redhat.com/errata/RHSA-2019:1910

https://access.redhat.com/security/cve/cve-2018-15664

https://bugzilla.suse.com/show_bug.cgi?id=1096726

https://github.com/moby/moby/pull/39252

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664

https://usn.ubuntu.com/4048-1/

Details

Source: MITRE

Published: 2019-05-23

Updated: 2019-06-25

Type: CWE-362

Risk Information

CVSS v2

Base Score: 6.2

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 0.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:docker:docker:17.06.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.0-ce:rc4:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.0-ce:rc5:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.1-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.1-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.1-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.1-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.1-ce:rc4:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.2-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.06.2-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.07.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.07.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.07.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.07.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.07.0-ce:rc4:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.09.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.09.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.09.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.09.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.09.1-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.09.1-ce-:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.10.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.10.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.10.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.11.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.11.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.11.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.11.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.11.0-ce:rc4:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.0-ce:rc4:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.1-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.1-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:17.12.1-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.01.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.01.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.02.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.02.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.02.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.0-ce:rc4:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.1-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.1-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.03.1-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.04.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.04.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.04.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.05.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.05.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.06.0-ce:*:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.06.0-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.06.0-ce:rc2:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.06.0-ce:rc3:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.06.1-ce:rc1:*:*:community:*:*:*

cpe:2.3:a:docker:docker:18.06.1-ce:rc2:*:*:community:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
143962NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2020-0082)NessusNewStart CGSL Local Security Checks
high
128458openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)NessusSuSE Local Security Checks
high
128302SUSE SLES15 Security Update : podman, slirp4netns / libcontainers-common (SUSE-SU-2019:2223-1)NessusSuSE Local Security Checks
high
127627RHEL 7 : docker (RHSA-2019:1910)NessusRed Hat Local Security Checks
high
127073Amazon Linux AMI : docker (ALAS-2019-1245)NessusAmazon Linux Local Security Checks
high
126564Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)NessusUbuntu Local Security Checks
high
126236openSUSE Security Update : docker (openSUSE-2019-1621)NessusSuSE Local Security Checks
high
126209Photon OS 2.0: Docker PHSA-2019-2.0-0162NessusPhotonOS Local Security Checks
high
126192Photon OS 3.0: Docker PHSA-2019-3.0-0019NessusPhotonOS Local Security Checks
high
126190Photon OS 1.0: Docker PHSA-2019-1.0-0238NessusPhotonOS Local Security Checks
high
126047SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2019:1562-1)NessusSuSE Local Security Checks
high
125938Oracle Linux 7 : docker-engine (ELSA-2019-4680)NessusOracle Linux Local Security Checks
high