CVE-2018-15514

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
dockerdocker
1.10.0.0-0
dockerdocker
1.10.1.42-1
dockerdocker
1.10.2.12
dockerdocker
1.10.2.14
dockerdocker
1.10.4.0
dockerdocker
1.10.6
dockerdocker
1.11.0
dockerdocker
1.11.0:beta10
dockerdocker
1.11.0:beta7
dockerdocker
1.11.0:beta8
dockerdocker
1.11.0:beta9
dockerdocker
1.11.1:beta11
dockerdocker
1.11.1:beta11b
dockerdocker
1.11.1:beta12
dockerdocker
1.11.1:beta13
dockerdocker
1.11.1:beta14
dockerdocker
1.11.2:beta15
dockerdocker
1.12.0
dockerdocker
1.12.0:beta21
dockerdocker
1.12.0:beta22
dockerdocker
1.12.0:rc2-beta16
dockerdocker
1.12.0:rc2-beta17
dockerdocker
1.12.0:rc3-beta18
dockerdocker
1.12.0:rc3-beta18.1
dockerdocker
1.12.0:rc4-beta19
dockerdocker
1.12.0:rc4-beta20
dockerdocker
1.12.1
dockerdocker
1.12.1:beta24
dockerdocker
1.12.1:beta25
dockerdocker
1.12.1:beta26
dockerdocker
1.12.1:beta29.1
dockerdocker
1.12.1:rc1-beta23
dockerdocker
1.12.2:beta29.2
dockerdocker
1.12.2:rc1-beta27
dockerdocker
1.12.2:rc3-beta28
dockerdocker
1.12.3
dockerdocker
1.12.3:beta29.3
dockerdocker
1.12.3:beta30
dockerdocker
1.12.3:rc1-beta29
dockerdocker
1.12.5
dockerdocker
1.13.0
dockerdocker
1.13.0:beta38
dockerdocker
1.13.0:beta39
dockerdocker
1.13.0:rc2-beta31
dockerdocker
1.13.0:rc3-beta32
dockerdocker
1.13.0:rc3-beta32.1
dockerdocker
1.13.0:rc3-beta33
dockerdocker
1.13.0:rc4-beta34
dockerdocker
1.13.0:rc5-beta35
dockerdocker
1.13.0:rc6-beta36
dockerdocker
1.13.0:rc7-beta37
dockerdocker
1.13.1
dockerdocker
1.13.1:rc1-beta40
dockerdocker
1.13.1:rc2-beta41
dockerdocker
17.0.4:win7
dockerdocker
17.0.5:win9
dockerdocker
17.03.0
dockerdocker
17.03.0:rc1-win1
dockerdocker
17.03.1:win12
dockerdocker
17.04.0:win6
dockerdocker
17.06.0:win13
dockerdocker
17.06.0:win14
dockerdocker
17.06.0:win15
dockerdocker
17.06.0:win16
dockerdocker
17.06.0:win17
dockerdocker
17.06.0:win18
dockerdocker
17.06.1:rc1-win20
dockerdocker
17.06.1:rc1-win24
dockerdocker
17.06.2:win27
dockerdocker
17.07.0:rc1-win21
dockerdocker
17.07.0:rc2-win22
dockerdocker
17.07.0:rc3-win23
dockerdocker
17.07.0:rc4-win25
dockerdocker
17.07.0:win26
dockerdocker
17.09.0:rc1-win28
dockerdocker
17.09.0:rc2-win29
dockerdocker
17.09.0:rc3-win30
dockerdocker
17.09.0:win31
dockerdocker
17.09.0:win32
dockerdocker
17.09.0:win33
dockerdocker
17.09.0:win34
dockerdocker
17.09.1:win42
dockerdocker
17.10.0:win36
dockerdocker
17.11.0:rc2-win37
dockerdocker
17.11.0:rc3-win38
dockerdocker
17.11.0:rc4-win39
dockerdocker
17.11.0:win40
dockerdocker
17.12.0:rc2-win41
dockerdocker
17.12.0:rc3-win43
dockerdocker
17.12.0:rc4-win44
dockerdocker
17.12.0:win45
dockerdocker
17.12.0:win46
dockerdocker
17.12.0:win47
dockerdocker
18.01.0:win48
dockerdocker
18.02.0:rc1-win50
dockerdocker
18.02.0:rc2-win51
dockerdocker
18.02.0:win52
dockerdocker
18.03.0:rc3-win56
dockerdocker
18.03.0:win58
dockerdocker
18.03.0:win59
dockerdocker
18.03.1:win65
dockerdocker
18.04.0:rc2-win61
dockerdocker
18.05.0:rc1-win63
dockerdocker
18.05.0:win66
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105202
https://docs.docker.com/docker-for-windows/edge-release-notes/
https://docs.docker.com/docker-for-windows/release-notes/
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
http://www.securityfocus.com/bid/105202
https://docs.docker.com/docker-for-windows/edge-release-notes/
https://docs.docker.com/docker-for-windows/release-notes/
https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html