CVE-2019-15752

Published: 28 August 2019

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

Priority

Unknown

CVSS 3 base score: 7.8

Status

Package Release Status
docker.io
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: Issue specific to Docker for Windows)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(issue specific to Docker for Windows)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(issue specific to Docker for Windows)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist