{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\\\.\\pipe\\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the \"docker-users\" group (who may not otherwise have administrator access) to escalate to administrator privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-05T09:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"}, {"name": "105202", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105202"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15514", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\\\.\\pipe\\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the \"docker-users\" group (who may not otherwise have administrator access) to escalate to administrator privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html", "refsource": "MISC", "url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"}, {"name": "https://docs.docker.com/docker-for-windows/release-notes/", "refsource": "MISC", "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"name": "https://docs.docker.com/docker-for-windows/edge-release-notes/", "refsource": "MISC", "url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"}, {"name": "105202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105202"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:54:03.679Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"}, {"name": "105202", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105202"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15514", "datePublished": "2018-09-01T01:00:00.000Z", "dateReserved": "2018-08-18T00:00:00.000Z", "dateUpdated": "2024-08-05T09:54:03.679Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker:1.10.0.0-0:*:*:*:community:windows:*:*", "matchCriteriaId": "75EE0C09-2480-49C2-82CF-CFE415EA1D46", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.10.1.42-1:*:*:*:community:windows:*:*", "matchCriteriaId": "C64BD778-32B2-48A7-A60E-B40632071A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.10.2.12:*:*:*:community:windows:*:*", "matchCriteriaId": "F0C1D108-3116-4760-B60A-29B0AC5DDD9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.10.2.14:*:*:*:community:windows:*:*", "matchCriteriaId": "F8A5EFD1-686B-45EE-8486-379BE11BF3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.10.4.0:*:*:*:community:windows:*:*", "matchCriteriaId": "C941DFFA-E63E-4C1E-944E-5145BE8520A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.10.6:*:*:*:community:windows:*:*", "matchCriteriaId": "ED4DAF79-618F-414E-BA01-49E6A559CF50", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.0:*:*:*:community:windows:*:*", "matchCriteriaId": "7773B0DB-BC39-402E-BECC-7E5D60C05212", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta10:*:*:community:windows:*:*", "matchCriteriaId": "BB8D95B4-919C-44C6-BD5F-1C074C03C806", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta7:*:*:community:windows:*:*", "matchCriteriaId": "3F354463-E70D-4EC2-BA5F-0260E46EA849", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta8:*:*:community:windows:*:*", "matchCriteriaId": "F4BEB0C7-CC5C-4064-8048-2F3E82BE49AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.0:beta9:*:*:community:windows:*:*", "matchCriteriaId": "EAFFE22E-C685-4E4B-8A52-338896CE54BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta11:*:*:community:windows:*:*", "matchCriteriaId": "5A22BE8E-99A1-4E35-A9F5-39CACE1B6040", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta11b:*:*:community:windows:*:*", "matchCriteriaId": "621EBA1C-6209-458F-8518-C93A727CE60F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta12:*:*:community:windows:*:*", "matchCriteriaId": "B2E93E38-3E5F-4174-A823-DD788D4A1829", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta13:*:*:community:windows:*:*", "matchCriteriaId": "9D2D3C31-F2DB-47C1-9341-E64011D86661", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.1:beta14:*:*:community:windows:*:*", "matchCriteriaId": "81A2DB95-E0D9-4D33-A39E-C351D975F1B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.11.2:beta15:*:*:community:windows:*:*", "matchCriteriaId": "8B0A4AEE-7EE9-44B1-9AAE-D3DFACD8F98E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:*:*:*:*:windows:*:*", "matchCriteriaId": "075C09B5-FE9E-44C0-AFD4-B2BDCE2FDAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:beta21:*:*:community:windows:*:*", "matchCriteriaId": "F6663998-DBE2-49B8-9636-8F4BBCFC3DBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:beta22:*:*:community:windows:*:*", "matchCriteriaId": "93EDCD8A-0432-4BF9-868E-FA9074060EC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc2-beta16:*:*:community:windows:*:*", "matchCriteriaId": "B1CAD773-44AF-40AC-B65D-97F3A0689FAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc2-beta17:*:*:community:windows:*:*", "matchCriteriaId": "A52E65C6-7DB4-468D-B91F-654BFDE9C3C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc3-beta18:*:*:community:windows:*:*", "matchCriteriaId": "06F89D97-7665-433B-B25F-F66FE23B6AEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc3-beta18.1:*:*:community:windows:*:*", "matchCriteriaId": "881FB068-8B13-4585-A718-3BFF119A0934", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc4-beta19:*:*:community:windows:*:*", "matchCriteriaId": "C901FDA8-23BF-40E3-9427-AC8B40145F18", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.0:rc4-beta20:*:*:community:windows:*:*", "matchCriteriaId": "59DD40E5-C7EE-4D7D-B551-2EE7F52CDFDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.1:*:*:*:*:windows:*:*", "matchCriteriaId": "3A24BD65-38A7-46E4-8482-0947BD58757E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta24:*:*:community:windows:*:*", "matchCriteriaId": "8778CDA0-4018-4AF9-996C-3EB8EDD7DC0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta25:*:*:community:windows:*:*", "matchCriteriaId": "514E870E-47BA-44C9-9E32-731D9F69C4F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta26:*:*:community:windows:*:*", "matchCriteriaId": "E1971949-CA54-4E81-B355-10717F0C0CD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.1:beta29.1:*:*:community:windows:*:*", "matchCriteriaId": "A032102B-84D1-408D-838B-E38574AF5514", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.1:rc1-beta23:*:*:community:windows:*:*", "matchCriteriaId": "4067DC55-E422-4E39-AF38-0F006098F349", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.2:beta29.2:*:*:community:windows:*:*", "matchCriteriaId": "27616814-A5AB-44F2-92E9-0FF11F859B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.2:rc1-beta27:*:*:community:windows:*:*", "matchCriteriaId": "A246673D-ADFB-459B-BCB6-002EE99A5077", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.2:rc3-beta28:*:*:community:windows:*:*", "matchCriteriaId": "7CEE20EA-A79A-46A0-B127-6AA3AFE8776C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.3:*:*:*:*:windows:*:*", "matchCriteriaId": "1565619C-D6CD-4446-8D42-7845E11F903F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.3:beta29.3:*:*:community:windows:*:*", "matchCriteriaId": "53B50673-0CCE-4A1D-BAC9-464AA3C4C792", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.3:beta30:*:*:community:windows:*:*", "matchCriteriaId": "14D7FA2B-FE02-4BFA-90FC-B5349D0D0490", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.3:rc1-beta29:*:*:community:windows:*:*", "matchCriteriaId": "2C172802-03EA-4AE0-B570-151ABB0E8266", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.12.5:*:*:*:*:windows:*:*", "matchCriteriaId": "5CE4B770-DFC9-422D-8CFD-F899DD32D142", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:*:*:*:*:windows:*:*", "matchCriteriaId": "ABBD2ACE-307E-4021-9165-2560658643F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:beta38:*:*:community:windows:*:*", "matchCriteriaId": "28B27B5C-FC2E-4D5F-AD80-6DC1512737C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:beta39:*:*:community:windows:*:*", "matchCriteriaId": "D4C45FBD-DDC5-4D5E-B685-BC875C1123DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc2-beta31:*:*:community:windows:*:*", "matchCriteriaId": "63149AFC-FF10-4891-9FF7-5E29BED332FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc3-beta32:*:*:community:windows:*:*", "matchCriteriaId": "80504172-D891-46ED-968B-15A16851E055", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc3-beta32.1:*:*:community:windows:*:*", "matchCriteriaId": "3DDB7AD7-13A8-4406-AAF6-04335C8EC9D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc3-beta33:*:*:community:windows:*:*", "matchCriteriaId": "6E3EA94A-E759-4D09-AE37-4285E7DB625E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc4-beta34:*:*:community:windows:*:*", "matchCriteriaId": "42C702B0-4C6D-4595-921D-6F8444BDD27D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc5-beta35:*:*:community:windows:*:*", "matchCriteriaId": "8DC93CDE-EA4C-46C3-BCEF-5853F891AD71", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc6-beta36:*:*:community:windows:*:*", "matchCriteriaId": "928B8913-9E02-4EC4-9D95-C94848828C07", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.0:rc7-beta37:*:*:community:windows:*:*", "matchCriteriaId": "77E37EC4-EB4D-48ED-8B2A-C86506D121CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.1:*:*:*:*:windows:*:*", "matchCriteriaId": "1BF8ED77-6AB6-49C0-B456-0672F0007C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.1:rc1-beta40:*:*:community:windows:*:*", "matchCriteriaId": "AAF125E9-74FE-4C4F-862E-F85075CAC778", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:1.13.1:rc2-beta41:*:*:community:windows:*:*", "matchCriteriaId": "B012C23D-DA07-466D-83BE-E96207646033", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.0.4:win7:*:*:community:windows:*:*", "matchCriteriaId": "6AB3E159-4585-4BA8-B3F0-1C34656DBF7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.0.5:win9:*:*:community:windows:*:*", "matchCriteriaId": "7ACFEE15-EE8A-4C9A-826E-30D7F97071C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.03.0:*:*:*:community:windows:*:*", "matchCriteriaId": "516BBB86-054E-49DF-8DDC-CE74639DDD12", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.03.0:rc1-win1:*:*:community:windows:*:*", "matchCriteriaId": "564BCCEC-E6D8-4B5D-A6E4-876D3F671851", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.03.1:win12:*:*:community:windows:*:*", "matchCriteriaId": "DD07550E-3155-475B-8152-2A7256F9BF74", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.04.0:win6:*:*:community:windows:*:*", "matchCriteriaId": "D98B4755-468F-45C4-91C6-CCA87A218F23", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0:win13:*:*:community:windows:*:*", "matchCriteriaId": "ED89DFDA-30CC-4835-A249-684DF582C5CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0:win14:*:*:community:windows:*:*", "matchCriteriaId": "60CFB208-6C04-4412-B45F-55DF1AEF911B", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0:win15:*:*:community:windows:*:*", "matchCriteriaId": "B192ABF5-8FF4-47AF-9D6B-F87D44F2AB71", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0:win16:*:*:community:windows:*:*", "matchCriteriaId": "05C9D372-2016-4209-95EF-B878D12B6135", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0:win17:*:*:community:windows:*:*", "matchCriteriaId": "A6ADB083-FD23-4A7F-B1C8-37F6A7B242E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.0:win18:*:*:community:windows:*:*", "matchCriteriaId": "E3AFEDA5-18A0-4282-A167-B1A89E507D49", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1:rc1-win20:*:*:community:windows:*:*", "matchCriteriaId": "5EEAE95B-3992-48B2-9948-4BB67BE23C40", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.1:rc1-win24:*:*:community:windows:*:*", "matchCriteriaId": "4CA3DF3A-9460-4F94-A1C8-6266110ACEB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.06.2:win27:*:*:community:windows:*:*", "matchCriteriaId": "D4CE903B-BB7C-4E12-A876-CBE7A0CFB8EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc1-win21:*:*:community:windows:*:*", "matchCriteriaId": "9A6DDBBE-813B-4834-819C-3C10A0E6D27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc2-win22:*:*:community:windows:*:*", "matchCriteriaId": "FD578365-B1F2-4206-90D5-204DCA0C3C96", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc3-win23:*:*:community:windows:*:*", "matchCriteriaId": "5F8F7EA2-1629-445C-8C84-729F61E6AF47", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0:rc4-win25:*:*:community:windows:*:*", "matchCriteriaId": "D62A6E93-EF27-4AAF-9A9A-D0359D16D251", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.07.0:win26:*:*:community:windows:*:*", "matchCriteriaId": "061988B5-5AB9-43C8-9FAB-DDB0E4FD3939", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:rc1-win28:*:*:community:windows:*:*", "matchCriteriaId": "0DBC9ED8-F35B-4166-9CC1-6EC98BBCA934", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:rc2-win29:*:*:community:windows:*:*", "matchCriteriaId": "B8C2214C-0501-4599-A87C-00761AA74D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:rc3-win30:*:*:community:windows:*:*", "matchCriteriaId": "333C132D-5428-4D7F-A45A-003E3FE8B759", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:win31:*:*:community:windows:*:*", "matchCriteriaId": "25C1E065-84AB-4869-AF39-70FD9D56B25B", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:win32:*:*:community:windows:*:*", "matchCriteriaId": "00364002-CD94-4836-99DD-1DCEBCAE5366", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:win33:*:*:community:windows:*:*", "matchCriteriaId": "8F4ED954-7BBD-4748-8E7A-87AC736CF915", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.0:win34:*:*:community:windows:*:*", "matchCriteriaId": "C6B34836-13CE-4C80-BBE4-00BF192FB62E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.09.1:win42:*:*:community:windows:*:*", "matchCriteriaId": "EA48FE95-EC6E-412E-B39B-AA069EBDC6A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.10.0:win36:*:*:community:windows:*:*", "matchCriteriaId": "9E2EAFA5-AE2C-40F3-8C77-3488A90F3C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0:rc2-win37:*:*:community:windows:*:*", "matchCriteriaId": "5EDF8C69-CA99-4013-85E4-3B0B83C66756", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0:rc3-win38:*:*:community:windows:*:*", "matchCriteriaId": "3E656584-3B8E-4C45-81F6-A6A9228D1A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0:rc4-win39:*:*:community:windows:*:*", "matchCriteriaId": "01449C91-E503-447B-B692-B1B79E15DF6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.11.0:win40:*:*:community:windows:*:*", "matchCriteriaId": "DC81DD87-91FF-4A2B-B0FA-8C5E9FE972FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0:rc2-win41:*:*:community:windows:*:*", "matchCriteriaId": "906378CF-358A-45D0-ACA4-91B92668DA0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0:rc3-win43:*:*:community:windows:*:*", "matchCriteriaId": "47BD87E0-2D15-4BCA-8834-E7E8FEA84AF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0:rc4-win44:*:*:community:windows:*:*", "matchCriteriaId": "CBC1A03F-7B4A-49A7-BD97-DB0CCD3DE1DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0:win45:*:*:community:windows:*:*", "matchCriteriaId": "5EFECB02-3416-462F-8D59-13C1A1E301DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0:win46:*:*:community:windows:*:*", "matchCriteriaId": "CD3A423E-3900-410E-A4E9-E4FC0571732C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:17.12.0:win47:*:*:community:windows:*:*", "matchCriteriaId": "EF28F00E-801C-47C5-B4F2-C8C37D6DF9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.01.0:win48:*:*:community:windows:*:*", "matchCriteriaId": "FBA4C9AD-F692-4130-8968-B1C67C76C666", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.02.0:rc1-win50:*:*:community:windows:*:*", "matchCriteriaId": "D158838B-15AD-4BFE-A6D8-E6980337BEE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.02.0:rc2-win51:*:*:community:windows:*:*", "matchCriteriaId": "3CD92CB8-6369-4212-8BEB-0395A9FB9115", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.02.0:win52:*:*:community:windows:*:*", "matchCriteriaId": "E1EAC1F9-0A84-4FD6-B552-87BA9020257C", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0:rc3-win56:*:*:community:windows:*:*", "matchCriteriaId": "E60F90BB-A3DD-47C0-8F7E-BAD8045331B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0:win58:*:*:community:windows:*:*", "matchCriteriaId": "4B35132A-1955-49E9-A336-5C9390B51A84", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.0:win59:*:*:community:windows:*:*", "matchCriteriaId": "F143F995-DB17-40F6-9797-39A9CBFC487E", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.03.1:win65:*:*:community:windows:*:*", "matchCriteriaId": "C824F3F5-1DD6-4DE9-ADE0-3F677EFD75F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.04.0:rc2-win61:*:*:community:windows:*:*", "matchCriteriaId": "56D08EEE-6A53-4D9D-BDAD-308B980E3529", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.05.0:rc1-win63:*:*:community:windows:*:*", "matchCriteriaId": "C20F89FB-C503-4EB1-8786-8E32EF0F6717", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker:18.05.0:win66:*:*:community:windows:*:*", "matchCriteriaId": "A92250A7-C706-43AC-A74B-0D6E7730742A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\\\.\\pipe\\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the \"docker-users\" group (who may not otherwise have administrator access) to escalate to administrator privileges."}, {"lang": "es", "value": "HandleRequestAsync en Docker para Windows en versiones anteriores a la 18.06.0-ce-rc3-win68 (edge) y anteriores a la 18.06.0-ce-win72 (estable) deserializaba peticiones a trav\u00e9s de la tuber\u00eda nombrada \\\\.\\pipe\\dockerBackend sin verificar la validez de los objetos .NET deserializados. Esto permitir\u00eda que un usuario malicioso en el grupo \"docker-users\" (que, de otra forma, podr\u00eda no tener acceso de administrador) escale sus privilegios a nivel de administrador."}], "id": "CVE-2018-15514", "lastModified": "2024-11-21T03:50:59.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-01T01:29:00.233", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105202"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.docker.com/docker-for-windows/edge-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}