CVE-2018-15514

Severity CVSS v4.0: Pending analysis
Type: CWE-502 Deserialization of Untrusted Data
Publication date: 01/09/2018
Last modified: 09/11/2018

Description

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:docker:docker:1.10.0.0-0:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.10.1.42-1:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.10.2.12:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.10.2.14:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.10.4.0:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.10.6:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.0:*:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.0:beta10:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.0:beta7:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.0:beta8:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.0:beta9:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.1:beta11:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.1:beta11b:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.1:beta12:*:*:community:windows:*:*
cpe:2.3:a:docker:docker:1.11.1:beta13:*:*:community:windows:*:*