8.8 | CWE-502

CVE-2018-15514

First published: Sat Sep 01 2018

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
Docker=1.10.0.0-0
Docker=1.10.1.42-1
Docker=1.10.2.12
Docker=1.10.2.14
Docker=1.10.4.0
Docker=1.10.6
Docker=1.11.0
Docker=1.11.0-beta10
Docker=1.11.0-beta7
Docker=1.11.0-beta8
Docker=1.11.0-beta9
Docker=1.11.1-beta11
Docker=1.11.1-beta11b
Docker=1.11.1-beta12
Docker=1.11.1-beta13
Docker=1.11.1-beta14
Docker=1.11.2-beta15
Docker=1.12.0
Docker=1.12.0-beta21
Docker=1.12.0-beta22
Docker=1.12.0-rc2-beta16
Docker=1.12.0-rc2-beta17
Docker=1.12.0-rc3-beta18
Docker=1.12.0-rc3-beta18.1
Docker=1.12.0-rc4-beta19
Docker=1.12.0-rc4-beta20
Docker=1.12.1
Docker=1.12.1-beta24
Docker=1.12.1-beta25
Docker=1.12.1-beta26
Docker=1.12.1-beta29.1
Docker=1.12.1-rc1-beta23
Docker=1.12.2-beta29.2
Docker=1.12.2-rc1-beta27
Docker=1.12.2-rc3-beta28
Docker=1.12.3
Docker=1.12.3-beta29.3
Docker=1.12.3-beta30
Docker=1.12.3-rc1-beta29
Docker=1.12.5
Docker=1.13.0
Docker=1.13.0-beta38
Docker=1.13.0-beta39
Docker=1.13.0-rc2-beta31
Docker=1.13.0-rc3-beta32
Docker=1.13.0-rc3-beta32.1
Docker=1.13.0-rc3-beta33
Docker=1.13.0-rc4-beta34
Docker=1.13.0-rc5-beta35
Docker=1.13.0-rc6-beta36
Docker=1.13.0-rc7-beta37
Docker=1.13.1
Docker=1.13.1-rc1-beta40
Docker=1.13.1-rc2-beta41
Docker=17.0.4-win7
Docker=17.0.5-win9
Docker=17.03.0
Docker=17.03.0-rc1-win1
Docker=17.03.1-win12
Docker=17.04.0-win6
Docker=17.06.0-win13
Docker=17.06.0-win14
Docker=17.06.0-win15
Docker=17.06.0-win16
Docker=17.06.0-win17
Docker=17.06.0-win18
Docker=17.06.1-rc1-win20
Docker=17.06.1-rc1-win24
Docker=17.06.2-win27
Docker=17.07.0-rc1-win21
Docker=17.07.0-rc2-win22
Docker=17.07.0-rc3-win23
Docker=17.07.0-rc4-win25
Docker=17.07.0-win26
Docker=17.09.0-rc1-win28
Docker=17.09.0-rc2-win29
Docker=17.09.0-rc3-win30
Docker=17.09.0-win31
Docker=17.09.0-win32
Docker=17.09.0-win33
Docker=17.09.0-win34
Docker=17.09.1-win42
Docker=17.10.0-win36
Docker=17.11.0-rc2-win37
Docker=17.11.0-rc3-win38
Docker=17.11.0-rc4-win39
Docker=17.11.0-win40
Docker=17.12.0-rc2-win41
Docker=17.12.0-rc3-win43
Docker=17.12.0-rc4-win44
Docker=17.12.0-win45
Docker=17.12.0-win46
Docker=17.12.0-win47
Docker=18.01.0-win48
Docker=18.02.0-rc1-win50
Docker=18.02.0-rc2-win51
Docker=18.02.0-win52
Docker=18.03.0-rc3-win56
Docker=18.03.0-win58
Docker=18.03.0-win59
Docker=18.03.1-win65
Docker=18.04.0-rc2-win61
Docker=18.05.0-rc1-win63
Docker=18.05.0-win66

Frequently Asked Questions

  • What is the severity of CVE-2018-15514?

    CVE-2018-15514 has been assigned a severity rating of Medium due to potential risks associated with deserialization vulnerabilities in Docker for Windows.

  • How do I fix CVE-2018-15514?

    To fix CVE-2018-15514, upgrade Docker for Windows to version 18.06.0-ce-rc3-win68 (edge) or 18.06.0-ce-win72 (stable), or later.

  • What components are affected by CVE-2018-15514?

    CVE-2018-15514 affects Docker for Windows versions before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable).

  • Can CVE-2018-15514 be exploited remotely?

    CVE-2018-15514 requires local access, as it involves deserialization over a named pipe, making remote exploitation unlikely.

  • What are the implications of CVE-2018-15514?

    Exploitation of CVE-2018-15514 could allow an attacker in the docker-users group to execute arbitrary code on the host system.
