A Security Vulnerability affects IBM Cloud Private - Docker (CVE-2018-15664)
CVEID: CVE-2018-15664 DESCRIPTION: Docker could allow a remote attacker to traverse directories on the system, caused by symlink-exchange race attacks in docker cp. By allowing the execution of container processes while conducting filesystem operations on the container, an attacker could exploit this vulnerability to gain read and write access to any path on the host.
CVSS Base Score: 9.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161681> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2, 3.2.0
Upgrade to Docker version xxxx (waiting on fix from Docker community) from <link>
If using the IBM Cloud Private supplied Docker package, apply the appropriate patch.
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
For IBM Cloud Private 3.2.0, apply patch:
For IBM Cloud Private 3.1.2, apply patch:
For IBM Cloud Private, 2.1.x, 3.1.0, 3.1.1:
None