Vulnerability Details CVE-2019-15752
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
Exploit Prediction Scoring System (EPSS) score
EPSS Score 0.608
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Proposed Action
Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.
Ransomware Campaign
Unknown
Products affected by CVE-2019-15752
- cpe:2.3:a:apache:geode:1.12.0
- cpe:2.3:a:docker:docker:1.10.0.0-0
- cpe:2.3:a:docker:docker:1.10.1.42-1
- cpe:2.3:a:docker:docker:1.10.2.12
- cpe:2.3:a:docker:docker:1.10.2.14
- cpe:2.3:a:docker:docker:1.10.4.0
- cpe:2.3:a:docker:docker:1.10.6
- cpe:2.3:a:docker:docker:1.11
- cpe:2.3:a:docker:docker:1.11.0
- cpe:2.3:a:docker:docker:1.11.1
- cpe:2.3:a:docker:docker:1.11.2
- cpe:2.3:a:docker:docker:1.12.0
- cpe:2.3:a:docker:docker:1.12.1
- cpe:2.3:a:docker:docker:1.12.2
- cpe:2.3:a:docker:docker:1.12.3
- cpe:2.3:a:docker:docker:1.12.4
- cpe:2.3:a:docker:docker:1.12.5
- cpe:2.3:a:docker:docker:1.13.0
- cpe:2.3:a:docker:docker:1.13.1
- cpe:2.3:a:docker:docker:2.0.0.0
- cpe:2.3:a:docker:docker:2.0.0.2
- cpe:2.3:a:docker:docker:2.0.0.3
- cpe:2.3:o:microsoft:windows:-