CVE-2022-26659 - OpenCVE

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docker	Docker Desktop
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.docker.com/desktop/windows/release-notes/
https://docs.docker.com/docker-for-windows/release-notes/
https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-25T20:50:50

Updated: 2024-08-03T05:11:43.336Z

Reserved: 2022-03-07T00:00:00

Link: CVE-2022-26659

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-25T21:15:09.140

Modified: 2023-02-01T15:56:16.437

Link: CVE-2022-26659

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-22T14:31:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.docker.com/desktop/windows/release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-26659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.docker.com/docker-for-windows/release-notes/", "refsource": "MISC", "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"name": "https://docs.docker.com/desktop/windows/release-notes/", "refsource": "MISC", "url": "https://docs.docker.com/desktop/windows/release-notes/"}, {"name": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md", "refsource": "MISC", "url": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:11:43.336Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.docker.com/desktop/windows/release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-26659", "datePublished": "2022-03-25T20:50:50", "dateReserved": "2022-03-07T00:00:00", "dateUpdated": "2024-08-03T05:11:43.336Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "854E94F8-F29D-4E32-A89B-C1891FA43D4B", "versionEndExcluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users."}, {"lang": "es", "value": "El instalador de Docker Desktop en Windows en versiones anteriores a 4.6.0, permite a un atacante sobrescribir cualquier archivo escribible por el administrador creando un enlace simb\u00f3lico en el lugar donde el instalador escribe su archivo de registro. A partir de la versi\u00f3n 4.6.0, el instalador de Docker Desktop, cuando es ejecutado de forma elevada, escribe sus archivos de registro en una ubicaci\u00f3n en la que no pueden escribir los usuarios que no son administradores"}], "id": "CVE-2022-26659", "lastModified": "2023-02-01T15:56:16.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-25T21:15:09.140", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.docker.com/desktop/windows/release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.docker.com/docker-for-windows/release-notes/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}