First published: Thu May 23 2019(Updated: )
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/docker.io | <18.09.7-0ubuntu1~18.04.3 | 18.09.7-0ubuntu1~18.04.3 |
ubuntu/docker.io | <18.09.7-0ubuntu1~18.10.3 | 18.09.7-0ubuntu1~18.10.3 |
ubuntu/docker.io | <18.09.7-0ubuntu1~19.04.4 | 18.09.7-0ubuntu1~19.04.4 |
ubuntu/docker.io | <18.09.07 | 18.09.07 |
ubuntu/docker.io | <18.09.7-0ubuntu1~16.04.4 | 18.09.7-0ubuntu1~16.04.4 |
=17.06.0-ce | ||
=17.06.0-ce-rc1 | ||
=17.06.0-ce-rc2 | ||
=17.06.0-ce-rc3 | ||
=17.06.0-ce-rc4 | ||
=17.06.0-ce-rc5 | ||
=17.06.1-ce | ||
=17.06.1-ce-rc1 | ||
=17.06.1-ce-rc2 | ||
=17.06.1-ce-rc3 | ||
=17.06.1-ce-rc4 | ||
=17.06.2-ce | ||
=17.06.2-ce-rc1 | ||
=17.07.0-ce | ||
=17.07.0-ce-rc1 | ||
=17.07.0-ce-rc2 | ||
=17.07.0-ce-rc3 | ||
=17.07.0-ce-rc4 | ||
=17.09.0-ce | ||
=17.09.0-ce-rc1 | ||
=17.09.0-ce-rc2 | ||
=17.09.0-ce-rc3 | ||
=17.09.1-ce | ||
=17.09.1-ce--rc1 | ||
=17.10.0-ce | ||
=17.10.0-ce-rc1 | ||
=17.10.0-ce-rc2 | ||
=17.11.0-ce | ||
=17.11.0-ce-rc1 | ||
=17.11.0-ce-rc2 | ||
=17.11.0-ce-rc3 | ||
=17.11.0-ce-rc4 | ||
=17.12.0-ce | ||
=17.12.0-ce-rc1 | ||
=17.12.0-ce-rc2 | ||
=17.12.0-ce-rc3 | ||
=17.12.0-ce-rc4 | ||
=17.12.1-ce | ||
=17.12.1-ce-rc1 | ||
=17.12.1-ce-rc2 | ||
=18.01.0-ce | ||
=18.01.0-ce-rc1 | ||
=18.02.0-ce | ||
=18.02.0-ce-rc1 | ||
=18.02.0-ce-rc2 | ||
=18.03.0-ce | ||
=18.03.0-ce-rc1 | ||
=18.03.0-ce-rc2 | ||
=18.03.0-ce-rc3 | ||
=18.03.0-ce-rc4 | ||
=18.03.1-ce | ||
=18.03.1-ce-rc1 | ||
=18.03.1-ce-rc2 | ||
=18.04.0-ce | ||
=18.04.0-ce-rc1 | ||
=18.04.0-ce-rc2 | ||
=18.05.0-ce | ||
=18.05.0-ce-rc1 | ||
=18.06.0-ce | ||
=18.06.0-ce-rc1 | ||
=18.06.0-ce-rc2 | ||
=18.06.0-ce-rc3 | ||
=18.06.1-ce-rc1 | ||
=18.06.1-ce-rc2 | ||
Docker Docker | =17.06.0-ce | |
Docker Docker | =17.06.0-ce-rc1 | |
Docker Docker | =17.06.0-ce-rc2 | |
Docker Docker | =17.06.0-ce-rc3 | |
Docker Docker | =17.06.0-ce-rc4 | |
Docker Docker | =17.06.0-ce-rc5 | |
Docker Docker | =17.06.1-ce | |
Docker Docker | =17.06.1-ce-rc1 | |
Docker Docker | =17.06.1-ce-rc2 | |
Docker Docker | =17.06.1-ce-rc3 | |
Docker Docker | =17.06.1-ce-rc4 | |
Docker Docker | =17.06.2-ce | |
Docker Docker | =17.06.2-ce-rc1 | |
Docker Docker | =17.07.0-ce | |
Docker Docker | =17.07.0-ce-rc1 | |
Docker Docker | =17.07.0-ce-rc2 | |
Docker Docker | =17.07.0-ce-rc3 | |
Docker Docker | =17.07.0-ce-rc4 | |
Docker Docker | =17.09.0-ce | |
Docker Docker | =17.09.0-ce-rc1 | |
Docker Docker | =17.09.0-ce-rc2 | |
Docker Docker | =17.09.0-ce-rc3 | |
Docker Docker | =17.09.1-ce | |
Docker Docker | =17.09.1-ce--rc1 | |
Docker Docker | =17.10.0-ce | |
Docker Docker | =17.10.0-ce-rc1 | |
Docker Docker | =17.10.0-ce-rc2 | |
Docker Docker | =17.11.0-ce | |
Docker Docker | =17.11.0-ce-rc1 | |
Docker Docker | =17.11.0-ce-rc2 | |
Docker Docker | =17.11.0-ce-rc3 | |
Docker Docker | =17.11.0-ce-rc4 | |
Docker Docker | =17.12.0-ce | |
Docker Docker | =17.12.0-ce-rc1 | |
Docker Docker | =17.12.0-ce-rc2 | |
Docker Docker | =17.12.0-ce-rc3 | |
Docker Docker | =17.12.0-ce-rc4 | |
Docker Docker | =17.12.1-ce | |
Docker Docker | =17.12.1-ce-rc1 | |
Docker Docker | =17.12.1-ce-rc2 | |
Docker Docker | =18.01.0-ce | |
Docker Docker | =18.01.0-ce-rc1 | |
Docker Docker | =18.02.0-ce | |
Docker Docker | =18.02.0-ce-rc1 | |
Docker Docker | =18.02.0-ce-rc2 | |
Docker Docker | =18.03.0-ce | |
Docker Docker | =18.03.0-ce-rc1 | |
Docker Docker | =18.03.0-ce-rc2 | |
Docker Docker | =18.03.0-ce-rc3 | |
Docker Docker | =18.03.0-ce-rc4 | |
Docker Docker | =18.03.1-ce | |
Docker Docker | =18.03.1-ce-rc1 | |
Docker Docker | =18.03.1-ce-rc2 | |
Docker Docker | =18.04.0-ce | |
Docker Docker | =18.04.0-ce-rc1 | |
Docker Docker | =18.04.0-ce-rc2 | |
Docker Docker | =18.05.0-ce | |
Docker Docker | =18.05.0-ce-rc1 | |
Docker Docker | =18.06.0-ce | |
Docker Docker | =18.06.0-ce-rc1 | |
Docker Docker | =18.06.0-ce-rc2 | |
Docker Docker | =18.06.0-ce-rc3 | |
Docker Docker | =18.06.1-ce-rc1 | |
Docker Docker | =18.06.1-ce-rc2 | |
debian/docker.io | 18.09.1+dfsg1-7.1+deb10u3 20.10.5+dfsg1-1+deb11u2 20.10.24+dfsg1-1 20.10.25+dfsg1-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.