CVE-2019-15752

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

CVSS v3 7.8 HIGH
CVSS v2.0 9.3 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E	Mailing List
https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-28 21:15

Updated : 2024-07-25 16:24

NVD link : CVE-2019-15752

Mitre link : CVE-2019-15752

CVE.ORG link : CVE-2019-15752

JSON object : View

Products Affected

docker

docker

apache

geode

microsoft

windows

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2019-15752", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-08-28T21:15:10.880", "references": [{"url": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\\DockerDesktop\\version-bin\\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command."}, {"lang": "es", "value": "Docker Desktop Community Edition antes de 2.1.0.1 permite a los usuarios locales obtener privilegios al colocar un archivo trojan horse docker-credential-wincred.exe en% PROGRAMDATA% \\ DockerDesktop \\ version-bin \\ como un usuario con pocos privilegios y luego esperar un administrador o usuario de servicio para identificarse con Docker, reiniciar Docker o ejecutar 'inicio de sesi\u00f3n de docker' para forzar el comando."}], "lastModified": "2024-07-25T16:24:56.683", "cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "FB71A149-B573-410D-AA44-289DDE21E4BF", "versionEndExcluding": "2.1.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD32C20-8B17-4197-9943-B8293D1C3BED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Docker Desktop Community Edition Privilege Escalation Vulnerability"}