Lucene search

[email protected]CVE-2018-15514

HistorySep 01, 2018 - 1:29 a.m.

CVE-2018-15514

2018-09-0101:29:00

CWE-502

[email protected]

web.nvd.nist.gov

cve-2018-15514

docker

windows

vulnerability

escalation

nvd

security

exploit

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.7%

JSON

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the “docker-users” group (who may not otherwise have administrator access) to escalate to administrator privileges.

Affected configurations

NVD

Node

dockerdockerMatch1.10.0.0-0communitywindows

dockerdockerMatch1.10.1.42-1communitywindows

dockerdockerMatch1.10.2.12communitywindows

dockerdockerMatch1.10.2.14communitywindows

dockerdockerMatch1.10.4.0communitywindows

dockerdockerMatch1.10.6communitywindows

dockerdockerMatch1.11.0communitywindows

dockerdockerMatch1.11.0beta10communitywindows

dockerdockerMatch1.11.0beta7communitywindows

dockerdockerMatch1.11.0beta8communitywindows

dockerdockerMatch1.11.0beta9communitywindows

dockerdockerMatch1.11.1beta11communitywindows

dockerdockerMatch1.11.1beta11bcommunitywindows

dockerdockerMatch1.11.1beta12communitywindows

dockerdockerMatch1.11.1beta13communitywindows

dockerdockerMatch1.11.1beta14communitywindows

dockerdockerMatch1.11.2beta15communitywindows

dockerdockerMatch1.12.0windows

dockerdockerMatch1.12.0beta21communitywindows

dockerdockerMatch1.12.0beta22communitywindows

dockerdockerMatch1.12.0rc2-beta16communitywindows

dockerdockerMatch1.12.0rc2-beta17communitywindows

dockerdockerMatch1.12.0rc3-beta18communitywindows

dockerdockerMatch1.12.0rc3-beta18.1communitywindows

dockerdockerMatch1.12.0rc4-beta19communitywindows

dockerdockerMatch1.12.0rc4-beta20communitywindows

dockerdockerMatch1.12.1windows

dockerdockerMatch1.12.1beta24communitywindows

dockerdockerMatch1.12.1beta25communitywindows

dockerdockerMatch1.12.1beta26communitywindows

dockerdockerMatch1.12.1beta29.1communitywindows

dockerdockerMatch1.12.1rc1-beta23communitywindows

dockerdockerMatch1.12.2beta29.2communitywindows

dockerdockerMatch1.12.2rc1-beta27communitywindows

dockerdockerMatch1.12.2rc3-beta28communitywindows

dockerdockerMatch1.12.3windows

dockerdockerMatch1.12.3beta29.3communitywindows

dockerdockerMatch1.12.3beta30communitywindows

dockerdockerMatch1.12.3rc1-beta29communitywindows

dockerdockerMatch1.12.5windows

dockerdockerMatch1.13.0windows

dockerdockerMatch1.13.0beta38communitywindows

dockerdockerMatch1.13.0beta39communitywindows

dockerdockerMatch1.13.0rc2-beta31communitywindows

dockerdockerMatch1.13.0rc3-beta32communitywindows

dockerdockerMatch1.13.0rc3-beta32.1communitywindows

dockerdockerMatch1.13.0rc3-beta33communitywindows

dockerdockerMatch1.13.0rc4-beta34communitywindows

dockerdockerMatch1.13.0rc5-beta35communitywindows

dockerdockerMatch1.13.0rc6-beta36communitywindows

dockerdockerMatch1.13.0rc7-beta37communitywindows

dockerdockerMatch1.13.1windows

dockerdockerMatch1.13.1rc1-beta40communitywindows

dockerdockerMatch1.13.1rc2-beta41communitywindows

dockerdockerMatch17.0.4win7communitywindows

dockerdockerMatch17.0.5win9communitywindows

dockerdockerMatch17.03.0communitywindows

dockerdockerMatch17.03.0rc1-win1communitywindows

dockerdockerMatch17.03.1win12communitywindows

dockerdockerMatch17.04.0win6communitywindows

dockerdockerMatch17.06.0win13communitywindows

dockerdockerMatch17.06.0win14communitywindows

dockerdockerMatch17.06.0win15communitywindows

dockerdockerMatch17.06.0win16communitywindows

dockerdockerMatch17.06.0win17communitywindows

dockerdockerMatch17.06.0win18communitywindows

dockerdockerMatch17.06.1rc1-win20communitywindows

dockerdockerMatch17.06.1rc1-win24communitywindows

dockerdockerMatch17.06.2win27communitywindows

dockerdockerMatch17.07.0rc1-win21communitywindows

dockerdockerMatch17.07.0rc2-win22communitywindows

dockerdockerMatch17.07.0rc3-win23communitywindows

dockerdockerMatch17.07.0rc4-win25communitywindows

dockerdockerMatch17.07.0win26communitywindows

dockerdockerMatch17.09.0rc1-win28communitywindows

dockerdockerMatch17.09.0rc2-win29communitywindows

dockerdockerMatch17.09.0rc3-win30communitywindows

dockerdockerMatch17.09.0win31communitywindows

dockerdockerMatch17.09.0win32communitywindows

dockerdockerMatch17.09.0win33communitywindows

dockerdockerMatch17.09.0win34communitywindows

dockerdockerMatch17.09.1win42communitywindows

dockerdockerMatch17.10.0win36communitywindows

dockerdockerMatch17.11.0rc2-win37communitywindows

dockerdockerMatch17.11.0rc3-win38communitywindows

dockerdockerMatch17.11.0rc4-win39communitywindows

dockerdockerMatch17.11.0win40communitywindows

dockerdockerMatch17.12.0rc2-win41communitywindows

dockerdockerMatch17.12.0rc3-win43communitywindows

dockerdockerMatch17.12.0rc4-win44communitywindows

dockerdockerMatch17.12.0win45communitywindows

dockerdockerMatch17.12.0win46communitywindows

dockerdockerMatch17.12.0win47communitywindows

dockerdockerMatch18.01.0win48communitywindows

dockerdockerMatch18.02.0rc1-win50communitywindows

dockerdockerMatch18.02.0rc2-win51communitywindows

dockerdockerMatch18.02.0win52communitywindows

dockerdockerMatch18.03.0rc3-win56communitywindows

dockerdockerMatch18.03.0win58communitywindows

dockerdockerMatch18.03.0win59communitywindows

dockerdockerMatch18.03.1win65communitywindows

dockerdockerMatch18.04.0rc2-win61communitywindows

dockerdockerMatch18.05.0rc1-win63communitywindows

dockerdockerMatch18.05.0win66communitywindows

CPENameOperatorVersion
docker:dockerdockereq1.10.0.0-0
docker:dockerdockereq1.10.1.42-1
docker:dockerdockereq1.10.2.12
docker:dockerdockereq1.10.2.14
docker:dockerdockereq1.10.4.0
docker:dockerdockereq1.10.6
docker:dockerdockereq1.11.0
docker:dockerdockereq1.11.1
docker:dockerdockereq1.11.2
docker:dockerdockereq1.12.0

CPE	Name	Operator	Version
docker:docker	docker	eq	1.10.0.0-0
docker:docker	docker	eq	1.10.1.42-1
docker:docker	docker	eq	1.10.2.12
docker:docker	docker	eq	1.10.2.14
docker:docker	docker	eq	1.10.4.0
docker:docker	docker	eq	1.10.6
docker:docker	docker	eq	1.11.0
docker:docker	docker	eq	1.11.1
docker:docker	docker	eq	1.11.2
docker:docker	docker	eq	1.12.0

Rows per page:

1-10 of 361

References

www.securityfocus.com/bid/105202

docs.docker.com/docker-for-windows/edge-release-notes/

docs.docker.com/docker-for-windows/release-notes/

srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.7%

JSON

Related for CVE-2018-15514

nvd1 openvas1 nessus1 srcincite1 prion1 osv1 cvelist1