Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | Mailing List |
https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | Mailing List |
https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E - Mailing List | |
References | () https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e - Exploit, Third Party Advisory |
25 Jul 2024, 16:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E - Mailing List | |
References | () https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:* | |
First Time |
Apache geode
Apache |
07 Nov 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-08-28 21:15
Updated : 2024-11-21 04:29
NVD link : CVE-2019-15752
Mitre link : CVE-2019-15752
CVE.ORG link : CVE-2019-15752
JSON object : View
Products Affected
docker
- docker
microsoft
- windows
apache
- geode
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource