Docker Arbitrary File Read/Write Access Vulnerability

A critical race condition vulnerability has been disclosed in the Docker, tracked as CVE-2018-15664. The vulnerability affects all versions of Docker and resides in the FollowSymlinkInScope function, which is vulnerable to the time of check to time of use (TOCTOU) attack. Affected Versions: All Docker versions available till now. Vulnerability: Form the bug, it appears … Continue reading “Docker Arbitrary File Read/Write Access Vulnerability”