Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-28T20:24:33

Updated: 2024-08-05T00:56:22.486Z

Reserved: 2019-08-28T00:00:00

Link: CVE-2019-15752

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-08-28T21:15:10.880

Modified: 2024-07-25T16:24:56.683

Link: CVE-2019-15752

cve-icon Redhat

No data.