Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-28T20:24:33
Updated: 2024-08-05T00:56:22.486Z
Reserved: 2019-08-28T00:00:00
Link: CVE-2019-15752
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-08-28T21:15:10.880
Modified: 2024-07-25T16:24:56.683
Link: CVE-2019-15752
Redhat
No data.