CVE-2019-15752
CVE-2019-15752
In short
Docker Desktop Community Edition before 2.1.0.1 has insecure file permissions that allow a low-privilege user to place a malicious credential helper file in a shared directory. When an administrator runs Docker or logs in, the malicious file gets executed with elevated privileges, giving the attacker admin access.
Technical detail
CWE-732 (improper permissions on %PROGRAMDATA%\DockerDesktop\version-bin\ directory) allows local privilege escalation via Trojan horse docker-credential-wincred.exe. Attack requires low user privileges and execution by an admin user (via docker login, daemon restart, or authentication). Impact: arbitrary code execution with elevated privileges.
Summary generated and translated by AI from the official description.
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48388unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.htmlhttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Ehttps://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478ehttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752