CVE-2018-15664
Description
In Docker through 18.06.1-ce-rc2, the API endpoints behind the docker cp command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.313
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:1910) docker security and bug fix update docker-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-client-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-common-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-logrotate-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-lvm-plugin-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-novolume-plugin-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-rhel-push-plugin-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| (RHSA-2019:1910) docker security and bug fix update docker-v1.10-migrator-1.13.1-102.git7f2769b.el7.x86_64.rpm | Linux |
| Runc update (ELSA-2019-4680) runc-1.0.0-19.rc5.git4bb1fe4.0.4.el7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234