CVE-2018-15664Race Condition in Docker

CWE-362Race ConditionCWE-22Path TraversalCWE-367Time-of-check Time-of-use (TOCTOU) Race Condition14 documents11 sources
Severity
7.5HIGHNVD
EPSS
6.9%
top 8.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Docker
Timeline
PublishedMay 23
Latest updateJul 31

Description

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages1 packages

NVDdocker/docker19 versions+18

🔴Vulnerability Details

4
GHSA
GHSA-pv79-5r2c-jrpq: In Docker through 182022-05-24
Kernel
Merge branch 'work.openat2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs2020-01-29
OSV
CVE-2018-15664: In Docker through 182019-05-23
CVEList
CVE-2018-15664: In Docker through 182019-05-23

📋Vendor Advisories

4
Microsoft
Docker Elevation of Privilege Vulnerability2019-07-09
Ubuntu
Docker vulnerabilities2019-07-08
Red Hat
docker: symlink-exchange race attacks in docker cp2019-05-23
Debian
CVE-2018-15664: docker.io - In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' comma...2018

📄Research Papers

2
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights2024-07-31
arXiv
AI-Driven Container Security Approaches for 5G and Beyond: A Survey2023-03-31

💬Community

3
Bugzilla
CVE-2018-15664 docker: symlink-exchange race attacks in docker cp2019-05-28
Bugzilla
CVE-2018-15664 docker: symlink-exchange race attacks in docker cp [fedora-all]2019-05-28
Bugzilla
CVE-2018-15664 docker: symlink-exchange race attacks in docker cp [openstack-rdo]2019-05-28