Local Privilege Escalation in Docker Desktop for macOS
CVE-2021-3162

7.8HIGH

Key Information:

Vendor: Docker
Status: Docker
Vendor: CVE Published:; 15 January 2021

What is CVE-2021-3162?

A vulnerability exists in Docker Desktop Community for macOS prior to version 2.5.0.0, where improper handling of certificate verification can lead to local privilege escalation. An attacker with access to a local environment may exploit this flaw to gain elevated privileges, potentially compromising the integrity of the system and its data. Users are encouraged to update to the latest version to mitigate this risk.

References

https://docs.docker.com/docker-for-mac/release-notes/#doc...

x_refsource_MISC

https://twitter.com/_r3ggi

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2021
Vulnerability Reserved
Jan 15, 2021