CVE-2018-15664: Docker Symlink Directory Traversal Vulnerability
Severity
High
Vendor
Pivotal
Description
Pivotal Container Service (1.4.x versions prior to 1.4.3) depends on a vulnerable version of docker (affected versions through 18.06.1-ce-rc2), the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Affected VMware Products and Versions
Severity is high unless otherwise noted.
-
Pivotal Container Service (PKS)
- 1.4 versions prior to 1.4.3
Mitigation
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
-
Pivotal Container Service (PKS)
- 1.4.3
References
History
2019-10-15: Initial vulnerability report published.