HandleRequestAsync in Docker for Windows prior to 18.06.0-ce-rc3-win68 (edge) and prior to 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
docker docker 1.13.1 |
||
docker docker 1.13.0 |
||
docker docker 1.12.2 |
||
docker docker 1.12.1 |
||
docker docker 1.11.1 |
||
docker docker 1.11.0 |
||
docker docker 18.03.0 |
||
docker docker 18.02.0 |
||
docker docker 17.09.0 |
||
docker docker 17.07.0 |
||
docker docker 17.03.0 |
||
docker docker 1.12.5 |
||
docker docker 17.03.1 |
||
docker docker 18.03.1 |
||
docker docker 1.12.3 |
||
docker docker 1.12.0 |
||
docker docker 1.10.4.0 |
||
docker docker 1.10.2.14 |
||
docker docker 1.10.2.12 |
||
docker docker 1.10.1.42-1 |
||
docker docker 17.12.0 |
||
docker docker 17.11.0 |
||
docker docker 17.06.1 |
||
docker docker 17.06.0 |
||
docker docker 17.09.1 |
||
docker docker 18.05.0 |
||
docker docker 18.04.0 |
||
docker docker 17.0.5 |
||
docker docker 17.04.0 |
||
docker docker 17.06.2 |
||
docker docker 1.11.2 |
||
docker docker 1.10.6 |
||
docker docker 1.10.0.0-0 |
||
docker docker 18.01.0 |
||
docker docker 17.10.0 |
||
docker docker 17.0.4 |