PT-2018-13063 · Docker · Docker For Windows
Published 2018-09-01 · Updated 2018-11-09
CVE-2018-15514
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Docker for Windows versions prior to 18.06.0-ce-rc3-win68 (edge) and prior to 18.06.0-ce-win72 (stable)
Description
A malicious user in the local "docker-users" group can escalate to administrator privileges. The Docker for Windows service deserializes requests received over its named pipe, and the HandleRequestAsync function does not validate the resulting .NET objects, so untrusted data arriving on that pipe is deserialized in a privileged process without any check on what it contains.
Recommendations
For Docker for Windows versions prior to 18.06.0-ce-rc3-win68 (edge) and prior to 18.06.0-ce-win72 (stable), update to version 18.06.0-ce-rc3-win68 (edge) or 18.06.0-ce-win72 (stable) to resolve the issue. As a temporary workaround, restrict membership of the "docker-users" group to the accounts that need it, since that membership is what exploitation requires.
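The weakness class described above (deserialization of untrusted data over a named pipe), shown as an added illustration that is not part of this advisory and is not Docker's code: a pipe handler that hands the incoming bytes to BinaryFormatter and accepts whatever type the payload names, beside a hardened form that restricts deserialization to one allow-listed type and validates the result before a privileged component acts on it. The MountRequest type, the AllowListBinder, the pipe name and the Path check are all assumptions made for the example; it targets .NET Framework, where BinaryFormatter is still available.

```csharp
using System;
using System.IO;
using System.IO.Pipes;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Threading.Tasks;

// Hypothetical request type: the only object the pipe server is meant to receive.
[Serializable]
public sealed class MountRequest
{
    public string Path { get; set; } = string.Empty;
}

// Vulnerable pattern (illustrative, not Docker's code): bytes read from a pipe that
// members of a low-privileged group can open are passed straight to BinaryFormatter,
// which instantiates whatever types the payload names. The payload, not the server,
// decides which .NET objects get constructed inside the privileged process.
public static class VulnerableServer
{
    public static object HandleRequest(Stream pipe)
    {
        var formatter = new BinaryFormatter();
        return formatter.Deserialize(pipe); // no check on what type comes back
    }
}

// Hardened pattern, step 1: a SerializationBinder that permits only the expected type.
// BinaryFormatter consults the binder for every type in the object graph before
// constructing it, so an unexpected type name fails here rather than running its
// constructor or deserialization callbacks.
public sealed class AllowListBinder : SerializationBinder
{
    public override Type BindToType(string assemblyName, string typeName)
    {
        if (typeName == typeof(MountRequest).FullName)
            return typeof(MountRequest);
        throw new SerializationException($"Type not permitted on this pipe: {typeName}");
    }
}

public static class HardenedServer
{
    public static MountRequest HandleRequest(Stream pipe)
    {
        var formatter = new BinaryFormatter { Binder = new AllowListBinder() };

        // Step 2: treat any result other than the expected type as an error, not as data.
        var request = formatter.Deserialize(pipe) as MountRequest;
        if (request == null)
            throw new SerializationException("Unexpected object received on pipe");

        // Step 3: validate field values before a privileged component acts on them
        // (the concrete rule here is a placeholder for whatever the service requires).
        if (string.IsNullOrEmpty(request.Path) || request.Path.Contains(".."))
            throw new ArgumentException("Rejected request path");

        return request;
    }
}

// Minimal pipe loop showing where the handler sits. The pipe name is a placeholder.
public static class Program
{
    public static async Task Main()
    {
        using var server = new NamedPipeServerStream("example-pipe", PipeDirection.InOut);
        await server.WaitForConnectionAsync();
        var request = HardenedServer.HandleRequest(server);
        Console.WriteLine($"Validated request for {request.Path}");
    }
}
```

The binder allow-list is shown because it maps directly onto "validating the deserialized objects", but it is a containment measure, not the durable fix: Microsoft has since deprecated BinaryFormatter because it carries type names in the payload by design. A service that must accept requests from less-privileged callers is better served by a format that deserializes into a fixed DTO and never lets the sender choose types (for example System.Text.Json into MountRequest), with the same field validation applied afterwards.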
Weakness Enumeration
Deserialization of Untrusted Data
Related Identifiers
CVE-2018-15514
Affected Products
Docker
Docker For Windows