CVE-2019-15752
Docker Desktop Community Edition Privilege Escalation Vulnerability
- Public Exploits: 1
- Exploited in Wild: Yes
Descriptions
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.
Timeline
- 2019-08-28 CVE Reserved
- 2019-08-28 CVE Published
- 2020-04-28 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-11-01 EPSS Updated
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (5)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/48388 | 2020-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Docker | Docker | < 2.1.0.1 | community | Affected |
in Microsoft | Windows | - | - | Safe |