CVE-2019-15752

NameCVE-2019-15752
DescriptionDocker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
docker.io (PTS)buster18.09.1+dfsg1-7.1+deb10u2fixed
buster (security)18.09.1+dfsg1-7.1+deb10u3fixed
bullseye20.10.3+dfsg1-2fixed
sid20.10.4+dfsg1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
docker.iosource(unstable)(not affected)

Notes

- docker.io <not-affected> (Issue specific to Docker for Windows)

Search for package or bug name: Reporting problems