{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "03ED214E-B35E-4269-AB60-DC153D84A7EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "23DC417C-741C-4B54-AC05-695266F837BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "EA9CEEEF-FA4C-466B-B06A-409B412911CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "1D56B684-9D21-456D-AEAF-681FE4AF34DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc4:*:*:community:*:*:*", "matchCriteriaId": "6AC3E4B6-3D75-408D-B3CD-0E5FC83DC303", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc5:*:*:community:*:*:*", "matchCriteriaId": "1BA3AC1D-E044-4F3F-A880-9D57E6247D3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:*:*:*:community:*:*:*", "matchCriteriaId": "ADFFCF49-C72C-4122-8035-D56FBDF36EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "A07F31B1-0471-4496-98E8-3D50D62A9376", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "157499DF-2A7E-4615-9F6B-383F998D45D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "426A1B51-9C0C-4E2E-AD7B-F2C9C2F90DC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc4:*:*:community:*:*:*", "matchCriteriaId": "BA3C59E2-4528-498B-B77A-CCDB9E1F2EC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.2-ce:*:*:*:community:*:*:*", "matchCriteriaId": "FF0BFEAD-83C4-43C3-AF7F-B07E623027CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.2-ce:rc1:*:*:community:*:*:*", 
"matchCriteriaId": "90446BD3-E1E0-4FF0-8617-635C1428206C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "346B183E-B29A-4D11-A5EB-B4263AE2A930", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "0E3245D9-EE7C-48C6-ADA7-D09BAC758335", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "06067BD7-BF28-4C3C-8AA4-33AE91D1A08D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "2AA91357-976E-4E58-933F-3B5053E44AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc4:*:*:community:*:*:*", "matchCriteriaId": "08DBC6A3-AFC6-4D34-B2C6-E7557A9BAC55", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "0CDFF197-1317-4E9A-89AC-42A347E92CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "DBA8D554-BA26-4440-83C1-623B02B9378A", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "444F283F-E95D-4885-88E9-552846EB34B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "F0C3E0C2-B036-49CE-99DF-7243AFFD23D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.1-ce:*:*:*:community:*:*:*", "matchCriteriaId": "443E631B-4D7D-4C45-8A64-6C98DD18D286", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.1-ce-:rc1:*:*:community:*:*:*", "matchCriteriaId": "CDE4D9DF-794E-4ACB-88D4-866F1D333B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "3332E705-364B-4CFE-8EFE-791191DD6D92", "vulnerable": true}, {"criteria": 
"cpe:2.3:a:docker:docker:17.10.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "CB5190C1-B7B3-4CA5-8B04-7C4C29952687", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "7926C680-46ED-49FE-9000-A2CCD61CF6EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "B7C29495-0403-4D11-9687-249DCD60536B", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "9CFCE477-6B5C-43B2-BA05-2D4B8C18168A", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "62A4CEB1-4053-4508-9FE7-0D23A61CEE64", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "A3BC6153-1036-4A2B-8E6B-CCCBE9866641", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc4:*:*:community:*:*:*", "matchCriteriaId": "EB4E8414-1B6C-457E-8C1D-19D962FEF212", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "A4FE190B-896E-4CFD-AD14-B8F990F6C2D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "03558F57-4DB4-42A1-8FFF-E32455F14D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "BD7FE2CE-D564-4B0F-A86C-3D9D8ADB4209", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "CE6482EC-8B28-4EBA-8D31-444AF20CDF45", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc4:*:*:community:*:*:*", "matchCriteriaId": "2B6895B8-84E0-4796-9BE6-F560F78B6F09", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:*:*:*:community:*:*:*", "matchCriteriaId": "2476F29C-9011-4040-B45B-ABEA9D9B989A", "vulnerable": true}, 
{"criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "BA34377A-7FAF-489F-967C-592F4DDAA395", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "F5981E01-90F2-4950-BDCC-049B8CF11BF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.01.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "6A67CC6A-5DFF-4EC8-AD89-CBE61D5B1E86", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.01.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "417A41D1-95F5-4F11-A84A-80EFB5470FDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "E6EFF14F-CD0B-4AC6-95F8-AEAAE0AFC9F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "749D44D3-0800-452D-B617-16533AFCDB9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "BFDB4066-4966-45DA-886B-83B4DA10E5DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "A632A32E-83CC-4643-A92E-4B853772B1E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "74447A87-49F6-40E9-B42B-4DD10915FD5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "850F9B89-B19C-4334-B188-ED9B30E4858F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "DC41D120-BB84-497B-8E14-4242DA34336B", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc4:*:*:community:*:*:*", "matchCriteriaId": "D3A6BC7B-16B3-4C38-884F-F3D58D02DCB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:*:*:*:community:*:*:*", "matchCriteriaId": "76C71530-639E-4E9A-B74F-0D046E0F1A35", "vulnerable": 
true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "B1C17446-B119-483F-8BB2-80DBE1CD28C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "D5DEED51-DDC3-40CA-8FDA-59462492BEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "CF279FD4-58D4-4272-AC14-DE9D79D88BE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "749AA8E0-2F98-424C-9A0D-9F91987F3A5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "E5C31E97-B350-457C-9EBE-CD9DEC94D818", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.05.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "DE28CE42-3EB2-4032-BEE6-C87C65551B94", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.05.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "2704A6EF-A030-4B3F-8160-EE1F4B401E8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:*:*:*:community:*:*:*", "matchCriteriaId": "18C4AB1B-79B0-4F1B-A80D-B4F16C49BFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "A48C808D-7B04-457F-9724-1694696773CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "D20E4F37-3E9E-4A42-8E6A-7888776B2C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc3:*:*:community:*:*:*", "matchCriteriaId": "6CBB326E-A337-4047-B332-E12EB6F00E1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.06.1-ce:rc1:*:*:community:*:*:*", "matchCriteriaId": "F2A1AE6D-371D-4876-90B7-0B8D62D5AFB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.06.1-ce:rc2:*:*:community:*:*:*", "matchCriteriaId": "D2AF3BE5-8C7B-4F4C-A381-59DFF1B5233A", 
"vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."}, {"lang": "es", "value": "En Docker hasta la versi\u00f3n 18.06.1-ce-rc2, los endpoints API debajo del comando 'docker cp' son vulnerables a un ataque de de tipo symlink-exchange con salto de directorio, dando a los atacantes acceso arbitrario de lectura-escritura al sistema de archivos del host con privilegios de root, porque daemon/archive.go no genera operaciones de archivo en un filesystem congelado (o desde dentro de una operaci\u00f3n chroot)."}], "id": "CVE-2018-15664", "lastModified": "2024-11-21T03:51:14.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": 
"nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-23T14:29:07.453", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108507"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1910"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/moby/moby/pull/39252"}, {"source": "cve@mitre.org", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4048-1/"}, {"source": "nvd@nist.gov", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2018-15664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"}, {"source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1910"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/moby/moby/pull/39252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4048-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}