Docker is prone to a directory-traversal vulnerability.
An attacker may exploit this issue to gain read/write access to the files outside of the restricted directory; this may aid in further attacks.
Information
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Docker - Homepage (Docker)
- Bug 1096726 - (CVE-2018-15664) VUL-0: CVE-2018-15664: docker: 'docker cp' is vu ()
- Properly handle paths with symlink path components #6000 ()
- cp command follows symlinks into the host filesystem, not the container #5619 ()
- CVE-2018-15664 | Docker Elevation of Privilege Vulnerability (Microsoft)
- CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack ()
- daemon: archive: pause containers before doing filesystem operations #39252 (Github)