All Vulnerability Reports

CVE-2018-15664: Docker Symlink Directory Traversal Vulnerability


Severity

High

Vendor

Pivotal

Description

Pivotal Container Service (1.4.x versions prior to 1.4.3) depends on a vulnerable version of docker (affected versions through 18.06.1-ce-rc2), the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Container Service (PKS)
    • 1.4 versions prior to 1.4.3

Mitigation

Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:

  • Pivotal Container Service (PKS)
    • 1.4.3

References

History

2019-10-15: Initial vulnerability report published.