CVE-2018-15664

Name of the Vulnerable Software and Affected Versions Docker versions through 18.06.1-ce-rc2

Description The issue is related to a symlink-exchange attack with Directory Traversal in the API endpoints behind the 'docker cp' command, allowing attackers to gain arbitrary read-write access to the host filesystem with root privileges. This is due to the daemon/archive.go not performing archive operations on a frozen filesystem or from within a chroot. The vulnerability can be exploited to elevate privileges and gain read-write access to files. It affects all versions of Docker and remains unpatched, with a proposed patch pending acceptance to implement pausing container operations during filesystem operations.

Recommendations For Docker versions through 18.06.1-ce-rc2, consider disabling the daemon/archive.go component or restricting its use until a patch is available. As a temporary workaround, avoid using the docker cp command to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.