high
8.8
CWE
502
Advisory Published
Updated

CVE-2018-15514

First published: Sat Sep 01 2018(Updated: )

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Docker Docker=1.10.0.0-0
Docker Docker=1.10.1.42-1
Docker Docker=1.10.2.12
Docker Docker=1.10.2.14
Docker Docker=1.10.4.0
Docker Docker=1.10.6
Docker Docker=1.11.0
Docker Docker=1.11.0-beta10
Docker Docker=1.11.0-beta7
Docker Docker=1.11.0-beta8
Docker Docker=1.11.0-beta9
Docker Docker=1.11.1-beta11
Docker Docker=1.11.1-beta11b
Docker Docker=1.11.1-beta12
Docker Docker=1.11.1-beta13
Docker Docker=1.11.1-beta14
Docker Docker=1.11.2-beta15
Docker Docker=1.12.0
Docker Docker=1.12.0-beta21
Docker Docker=1.12.0-beta22
Docker Docker=1.12.0-rc2-beta16
Docker Docker=1.12.0-rc2-beta17
Docker Docker=1.12.0-rc3-beta18
Docker Docker=1.12.0-rc3-beta18.1
Docker Docker=1.12.0-rc4-beta19
Docker Docker=1.12.0-rc4-beta20
Docker Docker=1.12.1
Docker Docker=1.12.1-beta24
Docker Docker=1.12.1-beta25
Docker Docker=1.12.1-beta26
Docker Docker=1.12.1-beta29.1
Docker Docker=1.12.1-rc1-beta23
Docker Docker=1.12.2-beta29.2
Docker Docker=1.12.2-rc1-beta27
Docker Docker=1.12.2-rc3-beta28
Docker Docker=1.12.3
Docker Docker=1.12.3-beta29.3
Docker Docker=1.12.3-beta30
Docker Docker=1.12.3-rc1-beta29
Docker Docker=1.12.5
Docker Docker=1.13.0
Docker Docker=1.13.0-beta38
Docker Docker=1.13.0-beta39
Docker Docker=1.13.0-rc2-beta31
Docker Docker=1.13.0-rc3-beta32
Docker Docker=1.13.0-rc3-beta32.1
Docker Docker=1.13.0-rc3-beta33
Docker Docker=1.13.0-rc4-beta34
Docker Docker=1.13.0-rc5-beta35
Docker Docker=1.13.0-rc6-beta36
Docker Docker=1.13.0-rc7-beta37
Docker Docker=1.13.1
Docker Docker=1.13.1-rc1-beta40
Docker Docker=1.13.1-rc2-beta41
Docker Docker=17.0.4-win7
Docker Docker=17.0.5-win9
Docker Docker=17.03.0
Docker Docker=17.03.0-rc1-win1
Docker Docker=17.03.1-win12
Docker Docker=17.04.0-win6
Docker Docker=17.06.0-win13
Docker Docker=17.06.0-win14
Docker Docker=17.06.0-win15
Docker Docker=17.06.0-win16
Docker Docker=17.06.0-win17
Docker Docker=17.06.0-win18
Docker Docker=17.06.1-rc1-win20
Docker Docker=17.06.1-rc1-win24
Docker Docker=17.06.2-win27
Docker Docker=17.07.0-rc1-win21
Docker Docker=17.07.0-rc2-win22
Docker Docker=17.07.0-rc3-win23
Docker Docker=17.07.0-rc4-win25
Docker Docker=17.07.0-win26
Docker Docker=17.09.0-rc1-win28
Docker Docker=17.09.0-rc2-win29
Docker Docker=17.09.0-rc3-win30
Docker Docker=17.09.0-win31
Docker Docker=17.09.0-win32
Docker Docker=17.09.0-win33
Docker Docker=17.09.0-win34
Docker Docker=17.09.1-win42
Docker Docker=17.10.0-win36
Docker Docker=17.11.0-rc2-win37
Docker Docker=17.11.0-rc3-win38
Docker Docker=17.11.0-rc4-win39
Docker Docker=17.11.0-win40
Docker Docker=17.12.0-rc2-win41
Docker Docker=17.12.0-rc3-win43
Docker Docker=17.12.0-rc4-win44
Docker Docker=17.12.0-win45
Docker Docker=17.12.0-win46
Docker Docker=17.12.0-win47
Docker Docker=18.01.0-win48
Docker Docker=18.02.0-rc1-win50
Docker Docker=18.02.0-rc2-win51
Docker Docker=18.02.0-win52
Docker Docker=18.03.0-rc3-win56
Docker Docker=18.03.0-win58
Docker Docker=18.03.0-win59
Docker Docker=18.03.1-win65
Docker Docker=18.04.0-rc2-win61
Docker Docker=18.05.0-rc1-win63
Docker Docker=18.05.0-win66

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203