CVE-2021-45449 - OpenCVE

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docker	Docker Desktop

Configuration 1 [-]

OR	cpe:2.3:a:docker:docker_desktop:4.3.0:::::::*
	cpe:2.3:a:docker:docker_desktop:4.3.1:::::::*

No data.

References

Link	Providers
https://docs.docker.com/desktop/windows/release-notes/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-12T19:29:49

Updated: 2024-08-04T04:39:21.035Z

Reserved: 2021-12-21T00:00:00

Link: CVE-2021-45449

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-12T20:15:08.567

Modified: 2022-01-19T19:14:43.520

Link: CVE-2021-45449

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user\u2019s local files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-12T19:29:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.docker.com/desktop/windows/release-notes/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45449", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user\u2019s local files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.docker.com/desktop/windows/release-notes/", "refsource": "MISC", "url": "https://docs.docker.com/desktop/windows/release-notes/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:39:21.035Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.docker.com/desktop/windows/release-notes/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45449", "datePublished": "2022-01-12T19:29:49", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-08-04T04:39:21.035Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "09B6DCE3-64F2-4F45-B23C-8837AF23146F", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:docker_desktop:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "898AE2A9-8207-41E5-A07C-F0AE2E8B0DB5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user\u2019s local files."}, {"lang": "es", "value": "Docker Desktop versiones 4.3.0 y 4.3.1, presenta un bug que puede registrar informaci\u00f3n confidencial (token de acceso o contrase\u00f1a) en la m\u00e1quina del usuario durante el inicio de sesi\u00f3n. Esto s\u00f3lo afecta a usuarios si est\u00e1n en Docker Desktop versiones 4.3.0, 4.3.1 y el usuario ha iniciado la sesi\u00f3n mientras est\u00e1 en versiones 4.3.0, 4.3.1. Para acceder a estos datos ser\u00eda necesario tener acceso a los archivos locales del usuario"}], "id": "CVE-2021-45449", "lastModified": "2022-01-19T19:14:43.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-12T20:15:08.567", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.docker.com/desktop/windows/release-notes/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}