fkie_cve-2018-15514
Vulnerability from fkie_nvd
Published
2018-09-01 01:29
Modified
2024-11-21 03:50
Severity ?
Summary
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105202 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://docs.docker.com/docker-for-windows/edge-release-notes/ | Vendor Advisory | |
| cve@mitre.org | https://docs.docker.com/docker-for-windows/release-notes/ | Vendor Advisory | |
| cve@mitre.org | https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105202 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.docker.com/docker-for-windows/edge-release-notes/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.docker.com/docker-for-windows/release-notes/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker:1.10.0.0-0:*:*:*:community:windows:*:*",
"matchCriteriaId": "75EE0C09-2480-49C2-82CF-CFE415EA1D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.10.1.42-1:*:*:*:community:windows:*:*",
"matchCriteriaId": "C64BD778-32B2-48A7-A60E-B40632071A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.10.2.12:*:*:*:community:windows:*:*",
"matchCriteriaId": "F0C1D108-3116-4760-B60A-29B0AC5DDD9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.10.2.14:*:*:*:community:windows:*:*",
"matchCriteriaId": "F8A5EFD1-686B-45EE-8486-379BE11BF3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.10.4.0:*:*:*:community:windows:*:*",
"matchCriteriaId": "C941DFFA-E63E-4C1E-944E-5145BE8520A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.10.6:*:*:*:community:windows:*:*",
"matchCriteriaId": "ED4DAF79-618F-414E-BA01-49E6A559CF50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.0:*:*:*:community:windows:*:*",
"matchCriteriaId": "7773B0DB-BC39-402E-BECC-7E5D60C05212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta10:*:*:community:windows:*:*",
"matchCriteriaId": "BB8D95B4-919C-44C6-BD5F-1C074C03C806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta7:*:*:community:windows:*:*",
"matchCriteriaId": "3F354463-E70D-4EC2-BA5F-0260E46EA849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta8:*:*:community:windows:*:*",
"matchCriteriaId": "F4BEB0C7-CC5C-4064-8048-2F3E82BE49AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta9:*:*:community:windows:*:*",
"matchCriteriaId": "EAFFE22E-C685-4E4B-8A52-338896CE54BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta11:*:*:community:windows:*:*",
"matchCriteriaId": "5A22BE8E-99A1-4E35-A9F5-39CACE1B6040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta11b:*:*:community:windows:*:*",
"matchCriteriaId": "621EBA1C-6209-458F-8518-C93A727CE60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta12:*:*:community:windows:*:*",
"matchCriteriaId": "B2E93E38-3E5F-4174-A823-DD788D4A1829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta13:*:*:community:windows:*:*",
"matchCriteriaId": "9D2D3C31-F2DB-47C1-9341-E64011D86661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta14:*:*:community:windows:*:*",
"matchCriteriaId": "81A2DB95-E0D9-4D33-A39E-C351D975F1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.11.2:beta15:*:*:community:windows:*:*",
"matchCriteriaId": "8B0A4AEE-7EE9-44B1-9AAE-D3DFACD8F98E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "075C09B5-FE9E-44C0-AFD4-B2BDCE2FDAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:beta21:*:*:community:windows:*:*",
"matchCriteriaId": "F6663998-DBE2-49B8-9636-8F4BBCFC3DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:beta22:*:*:community:windows:*:*",
"matchCriteriaId": "93EDCD8A-0432-4BF9-868E-FA9074060EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc2-beta16:*:*:community:windows:*:*",
"matchCriteriaId": "B1CAD773-44AF-40AC-B65D-97F3A0689FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc2-beta17:*:*:community:windows:*:*",
"matchCriteriaId": "A52E65C6-7DB4-468D-B91F-654BFDE9C3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc3-beta18:*:*:community:windows:*:*",
"matchCriteriaId": "06F89D97-7665-433B-B25F-F66FE23B6AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc3-beta18.1:*:*:community:windows:*:*",
"matchCriteriaId": "881FB068-8B13-4585-A718-3BFF119A0934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc4-beta19:*:*:community:windows:*:*",
"matchCriteriaId": "C901FDA8-23BF-40E3-9427-AC8B40145F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc4-beta20:*:*:community:windows:*:*",
"matchCriteriaId": "59DD40E5-C7EE-4D7D-B551-2EE7F52CDFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A24BD65-38A7-46E4-8482-0947BD58757E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta24:*:*:community:windows:*:*",
"matchCriteriaId": "8778CDA0-4018-4AF9-996C-3EB8EDD7DC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta25:*:*:community:windows:*:*",
"matchCriteriaId": "514E870E-47BA-44C9-9E32-731D9F69C4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta26:*:*:community:windows:*:*",
"matchCriteriaId": "E1971949-CA54-4E81-B355-10717F0C0CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta29.1:*:*:community:windows:*:*",
"matchCriteriaId": "A032102B-84D1-408D-838B-E38574AF5514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.1:rc1-beta23:*:*:community:windows:*:*",
"matchCriteriaId": "4067DC55-E422-4E39-AF38-0F006098F349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.2:beta29.2:*:*:community:windows:*:*",
"matchCriteriaId": "27616814-A5AB-44F2-92E9-0FF11F859B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.2:rc1-beta27:*:*:community:windows:*:*",
"matchCriteriaId": "A246673D-ADFB-459B-BCB6-002EE99A5077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.2:rc3-beta28:*:*:community:windows:*:*",
"matchCriteriaId": "7CEE20EA-A79A-46A0-B127-6AA3AFE8776C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.3:*:*:*:*:windows:*:*",
"matchCriteriaId": "1565619C-D6CD-4446-8D42-7845E11F903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.3:beta29.3:*:*:community:windows:*:*",
"matchCriteriaId": "53B50673-0CCE-4A1D-BAC9-464AA3C4C792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.3:beta30:*:*:community:windows:*:*",
"matchCriteriaId": "14D7FA2B-FE02-4BFA-90FC-B5349D0D0490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.3:rc1-beta29:*:*:community:windows:*:*",
"matchCriteriaId": "2C172802-03EA-4AE0-B570-151ABB0E8266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.12.5:*:*:*:*:windows:*:*",
"matchCriteriaId": "5CE4B770-DFC9-422D-8CFD-F899DD32D142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABBD2ACE-307E-4021-9165-2560658643F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:beta38:*:*:community:windows:*:*",
"matchCriteriaId": "28B27B5C-FC2E-4D5F-AD80-6DC1512737C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:beta39:*:*:community:windows:*:*",
"matchCriteriaId": "D4C45FBD-DDC5-4D5E-B685-BC875C1123DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc2-beta31:*:*:community:windows:*:*",
"matchCriteriaId": "63149AFC-FF10-4891-9FF7-5E29BED332FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc3-beta32:*:*:community:windows:*:*",
"matchCriteriaId": "80504172-D891-46ED-968B-15A16851E055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc3-beta32.1:*:*:community:windows:*:*",
"matchCriteriaId": "3DDB7AD7-13A8-4406-AAF6-04335C8EC9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc3-beta33:*:*:community:windows:*:*",
"matchCriteriaId": "6E3EA94A-E759-4D09-AE37-4285E7DB625E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc4-beta34:*:*:community:windows:*:*",
"matchCriteriaId": "42C702B0-4C6D-4595-921D-6F8444BDD27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc5-beta35:*:*:community:windows:*:*",
"matchCriteriaId": "8DC93CDE-EA4C-46C3-BCEF-5853F891AD71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc6-beta36:*:*:community:windows:*:*",
"matchCriteriaId": "928B8913-9E02-4EC4-9D95-C94848828C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc7-beta37:*:*:community:windows:*:*",
"matchCriteriaId": "77E37EC4-EB4D-48ED-8B2A-C86506D121CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.1:*:*:*:*:windows:*:*",
"matchCriteriaId": "1BF8ED77-6AB6-49C0-B456-0672F0007C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.1:rc1-beta40:*:*:community:windows:*:*",
"matchCriteriaId": "AAF125E9-74FE-4C4F-862E-F85075CAC778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:1.13.1:rc2-beta41:*:*:community:windows:*:*",
"matchCriteriaId": "B012C23D-DA07-466D-83BE-E96207646033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.0.4:win7:*:*:community:windows:*:*",
"matchCriteriaId": "6AB3E159-4585-4BA8-B3F0-1C34656DBF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.0.5:win9:*:*:community:windows:*:*",
"matchCriteriaId": "7ACFEE15-EE8A-4C9A-826E-30D7F97071C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:windows:*:*",
"matchCriteriaId": "516BBB86-054E-49DF-8DDC-CE74639DDD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.0:rc1-win1:*:*:community:windows:*:*",
"matchCriteriaId": "564BCCEC-E6D8-4B5D-A6E4-876D3F671851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.03.1:win12:*:*:community:windows:*:*",
"matchCriteriaId": "DD07550E-3155-475B-8152-2A7256F9BF74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.04.0:win6:*:*:community:windows:*:*",
"matchCriteriaId": "D98B4755-468F-45C4-91C6-CCA87A218F23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0:win13:*:*:community:windows:*:*",
"matchCriteriaId": "ED89DFDA-30CC-4835-A249-684DF582C5CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0:win14:*:*:community:windows:*:*",
"matchCriteriaId": "60CFB208-6C04-4412-B45F-55DF1AEF911B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0:win15:*:*:community:windows:*:*",
"matchCriteriaId": "B192ABF5-8FF4-47AF-9D6B-F87D44F2AB71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0:win16:*:*:community:windows:*:*",
"matchCriteriaId": "05C9D372-2016-4209-95EF-B878D12B6135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0:win17:*:*:community:windows:*:*",
"matchCriteriaId": "A6ADB083-FD23-4A7F-B1C8-37F6A7B242E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0:win18:*:*:community:windows:*:*",
"matchCriteriaId": "E3AFEDA5-18A0-4282-A167-B1A89E507D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1:rc1-win20:*:*:community:windows:*:*",
"matchCriteriaId": "5EEAE95B-3992-48B2-9948-4BB67BE23C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1:rc1-win24:*:*:community:windows:*:*",
"matchCriteriaId": "4CA3DF3A-9460-4F94-A1C8-6266110ACEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2:win27:*:*:community:windows:*:*",
"matchCriteriaId": "D4CE903B-BB7C-4E12-A876-CBE7A0CFB8EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc1-win21:*:*:community:windows:*:*",
"matchCriteriaId": "9A6DDBBE-813B-4834-819C-3C10A0E6D27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc2-win22:*:*:community:windows:*:*",
"matchCriteriaId": "FD578365-B1F2-4206-90D5-204DCA0C3C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc3-win23:*:*:community:windows:*:*",
"matchCriteriaId": "5F8F7EA2-1629-445C-8C84-729F61E6AF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc4-win25:*:*:community:windows:*:*",
"matchCriteriaId": "D62A6E93-EF27-4AAF-9A9A-D0359D16D251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0:win26:*:*:community:windows:*:*",
"matchCriteriaId": "061988B5-5AB9-43C8-9FAB-DDB0E4FD3939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:rc1-win28:*:*:community:windows:*:*",
"matchCriteriaId": "0DBC9ED8-F35B-4166-9CC1-6EC98BBCA934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:rc2-win29:*:*:community:windows:*:*",
"matchCriteriaId": "B8C2214C-0501-4599-A87C-00761AA74D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:rc3-win30:*:*:community:windows:*:*",
"matchCriteriaId": "333C132D-5428-4D7F-A45A-003E3FE8B759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:win31:*:*:community:windows:*:*",
"matchCriteriaId": "25C1E065-84AB-4869-AF39-70FD9D56B25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:win32:*:*:community:windows:*:*",
"matchCriteriaId": "00364002-CD94-4836-99DD-1DCEBCAE5366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:win33:*:*:community:windows:*:*",
"matchCriteriaId": "8F4ED954-7BBD-4748-8E7A-87AC736CF915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0:win34:*:*:community:windows:*:*",
"matchCriteriaId": "C6B34836-13CE-4C80-BBE4-00BF192FB62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.1:win42:*:*:community:windows:*:*",
"matchCriteriaId": "EA48FE95-EC6E-412E-B39B-AA069EBDC6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.10.0:win36:*:*:community:windows:*:*",
"matchCriteriaId": "9E2EAFA5-AE2C-40F3-8C77-3488A90F3C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0:rc2-win37:*:*:community:windows:*:*",
"matchCriteriaId": "5EDF8C69-CA99-4013-85E4-3B0B83C66756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0:rc3-win38:*:*:community:windows:*:*",
"matchCriteriaId": "3E656584-3B8E-4C45-81F6-A6A9228D1A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0:rc4-win39:*:*:community:windows:*:*",
"matchCriteriaId": "01449C91-E503-447B-B692-B1B79E15DF6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0:win40:*:*:community:windows:*:*",
"matchCriteriaId": "DC81DD87-91FF-4A2B-B0FA-8C5E9FE972FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0:rc2-win41:*:*:community:windows:*:*",
"matchCriteriaId": "906378CF-358A-45D0-ACA4-91B92668DA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0:rc3-win43:*:*:community:windows:*:*",
"matchCriteriaId": "47BD87E0-2D15-4BCA-8834-E7E8FEA84AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0:rc4-win44:*:*:community:windows:*:*",
"matchCriteriaId": "CBC1A03F-7B4A-49A7-BD97-DB0CCD3DE1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0:win45:*:*:community:windows:*:*",
"matchCriteriaId": "5EFECB02-3416-462F-8D59-13C1A1E301DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0:win46:*:*:community:windows:*:*",
"matchCriteriaId": "CD3A423E-3900-410E-A4E9-E4FC0571732C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0:win47:*:*:community:windows:*:*",
"matchCriteriaId": "EF28F00E-801C-47C5-B4F2-C8C37D6DF9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.01.0:win48:*:*:community:windows:*:*",
"matchCriteriaId": "FBA4C9AD-F692-4130-8968-B1C67C76C666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.02.0:rc1-win50:*:*:community:windows:*:*",
"matchCriteriaId": "D158838B-15AD-4BFE-A6D8-E6980337BEE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.02.0:rc2-win51:*:*:community:windows:*:*",
"matchCriteriaId": "3CD92CB8-6369-4212-8BEB-0395A9FB9115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.02.0:win52:*:*:community:windows:*:*",
"matchCriteriaId": "E1EAC1F9-0A84-4FD6-B552-87BA9020257C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0:rc3-win56:*:*:community:windows:*:*",
"matchCriteriaId": "E60F90BB-A3DD-47C0-8F7E-BAD8045331B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0:win58:*:*:community:windows:*:*",
"matchCriteriaId": "4B35132A-1955-49E9-A336-5C9390B51A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0:win59:*:*:community:windows:*:*",
"matchCriteriaId": "F143F995-DB17-40F6-9797-39A9CBFC487E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1:win65:*:*:community:windows:*:*",
"matchCriteriaId": "C824F3F5-1DD6-4DE9-ADE0-3F677EFD75F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.04.0:rc2-win61:*:*:community:windows:*:*",
"matchCriteriaId": "56D08EEE-6A53-4D9D-BDAD-308B980E3529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.05.0:rc1-win63:*:*:community:windows:*:*",
"matchCriteriaId": "C20F89FB-C503-4EB1-8786-8E32EF0F6717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.05.0:win66:*:*:community:windows:*:*",
"matchCriteriaId": "A92250A7-C706-43AC-A74B-0D6E7730742A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\\\.\\pipe\\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the \"docker-users\" group (who may not otherwise have administrator access) to escalate to administrator privileges."
},
{
"lang": "es",
"value": "HandleRequestAsync en Docker para Windows en versiones anteriores a la 18.06.0-ce-rc3-win68 (edge) y anteriores a la 18.06.0-ce-win72 (estable) deserializaba peticiones a trav\u00e9s de la tuber\u00eda nombrada \\\\.\\pipe\\dockerBackend sin verificar la validez de los objetos .NET deserializados. Esto permitir\u00eda que un usuario malicioso en el grupo \"docker-users\" (que, de otra forma, podr\u00eda no tener acceso de administrador) escale sus privilegios a nivel de administrador."
}
],
"id": "CVE-2018-15514",
"lastModified": "2024-11-21T03:50:59.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-01T01:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105202"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.docker.com/docker-for-windows/release-notes/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.docker.com/docker-for-windows/release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.