Vulnerability Details CVE-2022-38730
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.2%
CVSS Severity
CVSS v3 Score 6.3
References
- https://docs.docker.com/desktop/release-notes/#docker-desktop-460
- https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2
- https://docs.docker.com/desktop/release-notes/#docker-desktop-460
- https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2
Products affected by CVE-2022-38730
-
cpe:2.3:a:docker:desktop:-
-
cpe:2.3:a:docker:desktop:2.1.0.1
-
cpe:2.3:a:docker:desktop:2.1.0.2
-
cpe:2.3:a:docker:desktop:2.1.0.3
-
cpe:2.3:a:docker:desktop:2.1.0.4
-
cpe:2.3:a:docker:desktop:2.1.0.5
-
cpe:2.3:a:docker:desktop:2.2.0.0
-
cpe:2.3:a:docker:desktop:2.2.0.3
-
cpe:2.3:a:docker:desktop:2.2.0.4