Vulnerability Details CVE-2020-11492
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://docs.docker.com/docker-for-windows/release-notes/
- https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/
- https://docs.docker.com/docker-for-windows/release-notes/
- https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/
Products affected by CVE-2020-11492
-
cpe:2.3:a:docker:docker_desktop:2.1.0.1
-
cpe:2.3:a:docker:docker_desktop:2.1.0.2
-
cpe:2.3:a:docker:docker_desktop:2.1.0.3
-
cpe:2.3:a:docker:docker_desktop:2.1.0.4
-
cpe:2.3:a:docker:docker_desktop:2.1.0.5
-
cpe:2.3:a:docker:docker_desktop:2.2.0.0
-
cpe:2.3:a:docker:docker_desktop:2.2.0.3
-
cpe:2.3:a:docker:docker_desktop:2.2.0.4
-
cpe:2.3:a:docker:docker_desktop:2.2.0.5
-
cpe:2.3:o:microsoft:windows:-