CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2019-15752 – Docker Desktop Community Edition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-15752
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. Docker Desktop Community Edition antes de 2.1.0.1 permite a los usuarios locales obtener privilegios al colocar un archivo trojan horse docker-credential-wincred.exe en% PROGRAMDATA% \ DockerDesktop \ version-bin \ como un usuario con pocos privilegios y luego esperar un administrador o usuario de servicio para identificarse con Docker, reiniciar Docker o ejecutar 'inicio de sesión de docker' para forzar el comando. Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\. • https://www.exploit-db.com/exploits/48388 http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13139
https://notcve.org/view.php?id=CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. En Docker versiones anteriores a 18.09.4, un atacante que sea capaz de suministrar o manipular la ruta de compilación para el comando "docker build" podría ser capaz de conseguir la ejecución de comandos. Existe un problema en la forma en que "docker build" procesa las URL de git remotas, y resulta en la inyección de comandos en el comando subyacente "git clone", lo que conlleva a la ejecución de código en el contexto del usuario ejecutando el comando "docker build". • https://access.redhat.com/errata/RHBA-2019:3092 https://docs.docker.com/engine/release-notes/#18094 https://github.com/moby/moby/pull/38944 https://seclists.org/bugtraq/2019/Sep/21 https://security.netapp.com/advisory/ntap-20190910-0001 https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build https://www.debian.org/security/2019/dsa-4521 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-14271
https://notcve.org/view.php?id=CVE-2019-14271
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. En Docker versión 19.03.x anterior a 19.03.1, vinculado contra la Biblioteca C de GNU (también se conoce como glibc), la inyección de código puede ocurrir cuando la facilidad nsswitch carga dinámicamente una biblioteca dentro de un chroot que alberga el contenido del contenedor. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html https://docs.docker.com/engine/release-notes https://github.com/moby/moby/issues/39449 https://seclists.org/bugtraq/2019/Sep/21 https://security.netapp.com/advisory/ntap-20190828-0003 https://www.debian.org/security/2019/dsa-4521 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-1020014
https://notcve.org/view.php?id=CVE-2019-1020014
docker-credential-helpers before 0.6.3 has a double free in the List functions. docker-credential-helpers anterior a versión 0.6.3, presenta una Vulnerabilidad de Doble Liberación en las funciones List. • https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73 https://usn.ubuntu.com/4103-1 https://usn.ubuntu.com/4103-2 • CWE-415: Double Free •
CVSS: 7.5EPSS: 5%CPEs: 40EXPL: 0CVE-2019-13509
https://notcve.org/view.php?id=CVE-2019-13509
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. En Docker CE y EE antes de 18.09.8 (así como en Docker EE antes de 17.06.2-ee-23 y 18.x antes de 18.03.1-ee-10), Docker Engine en modo de depuración a veces puede agregar secretos al registro de depuración. . Esto se aplica a un escenario en el que la implementación de la pila de la ventana acoplable se ejecuta para volver a implementar una pila que incluye secretos (no externos). • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html http://www.securityfocus.com/bid/109253 https://docs.docker.com/engine/release-notes https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N674WD3OBDPHLWY6EABRHQH5ON6SUJBU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFFBVE7O73TAVY2BCWXSA2OOSLJVCPXC https://seclists.org/bugtraq/2019/Sep/21 https://security.netapp.com/advisory/ntap-20190828-0003 https://www. • CWE-532: Insertion of Sensitive Information into Log File •