CVE-2019-15752
HIGH | CISA KEV | 7.8
Description
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
CVE Details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 8/28/2019
Last modified: 11/6/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Docker
Product: Desktop Community Edition
Vulnerability name: Docker Desktop Community Edition Privilege Escalation Vulnerability
KEV date added: 2021-11-03
Remediation due date: 2022-05-03
Ransomware use: Unknown
Affected products
apache:geode
docker:docker
microsoft:windows
Weaknesses (CWE)
CWE-732
References
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html (cve@mitre.org)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (cve@mitre.org)
https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e (cve@mitre.org)
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.