Access Control Vulnerability in Docker Desktop for Windows
CVE-2021-37841

7.8HIGH

Key Information:

Vendor: Docker
Status: Desktop
Vendor: CVE Published:; 12 August 2021

What is CVE-2021-37841?

Docker Desktop versions prior to 3.6.0 have a security flaw due to improper access control that allows low-privileged users to potentially compromise the server hosting Windows containers. This vulnerability enables unauthorized access, allowing attackers to read, write, and execute code within the containers, posing a significant security risk in both process isolation and Hyper-V isolation modes.

References

https://docs.docker.com/docker-for-windows/release-notes/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2021
Vulnerability Reserved
Aug 2, 2021