CVE-2018-15514

by Fred · 31/08/2018

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \.pipedockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.

Date published : 2018-08-31

http://www.securityfocus.com/bid/105202

https://docs.docker.com/docker-for-windows/edge-release-notes/

CVE-2018-15514

Similar

Recent Posts

Categories

CVE-2018-15514

Share this:

Similar

Recent Posts

Categories

Tags