CVE-2021-45449

{"id": "CVE-2021-45449", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-01-12T20:15:08.567", "references": [{"url": "https://docs.docker.com/desktop/windows/release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.docker.com/desktop/windows/release-notes/", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user\u2019s local files."}, {"lang": "es", "value": "Docker Desktop versiones 4.3.0 y 4.3.1, presenta un bug que puede registrar informaci\u00f3n confidencial (token de acceso o contrase\u00f1a) en la m\u00e1quina del usuario durante el inicio de sesi\u00f3n. Esto s\u00f3lo afecta a usuarios si est\u00e1n en Docker Desktop versiones 4.3.0, 4.3.1 y el usuario ha iniciado la sesi\u00f3n mientras est\u00e1 en versiones 4.3.0, 4.3.1. Para acceder a estos datos ser\u00eda necesario tener acceso a los archivos locales del usuario"}], "lastModified": "2024-11-21T06:32:13.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09B6DCE3-64F2-4F45-B23C-8837AF23146F"}, {"criteria": "cpe:2.3:a:docker:docker_desktop:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "898AE2A9-8207-41E5-A07C-F0AE2E8B0DB5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}