vulnerability

Docker CE: Permissions, Privileges, and Access Controls (CVE-2019-15752)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Aug 28, 2019	Apr 16, 2020	May 3, 2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Aug 28, 2019

Added

Apr 16, 2020

Modified

May 3, 2022

Description

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

Solution

docker-ce-upgrade-2_1_0_1

References

CVE-2019-15752
https://attackerkb.com/topics/CVE-2019-15752
URL-https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today