Access Control Flaw in Docker Desktop by Docker Inc.
CVE-2021-44719

8.4HIGH

Key Information:

Vendor

Docker

Status
Docker Desktop
Vendor
CVE Published:
25 May 2022

What is CVE-2021-44719?

Docker Desktop version 4.3.0 is susceptible to an access control vulnerability, allowing potential unauthorized access to sensitive features or data. This flaw could enable an attacker with limited access to escalate their privileges and perform unauthorized actions within the software. Users of affected versions are urged to follow best practices for configuring access controls and to apply recommended patches or updates to mitigate the risk.

References

https://docs.docker.com/desktop/mac/release-notes/
x_refsource_MISC
https://docs.docker.com/desktop/windows/release-notes/
x_refsource_MISC
https://docs.docker.com/desktop/release-notes/#security-2
x_refsource_MISC

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.