Sensitive Information Exposure in Docker Desktop Versions 4.3.0 and 4.3.1
CVE-2021-45449

5.5MEDIUM

Key Information:

Vendor

Docker

Status
Docker Desktop
Vendor
CVE Published:
12 January 2022

What is CVE-2021-45449?

Docker Desktop versions 4.3.0 and 4.3.1 contain a vulnerability that can log sensitive data, including access tokens and passwords, on the user's local machine during the login process. This issue primarily affects individuals who logged into these versions. While the potential exposure of sensitive information exists, it requires unauthorized access to the user's local files to be exploited. Users are advised to review their security settings and consider upgrading to a patched version to mitigate this risk.

References

https://docs.docker.com/desktop/windows/release-notes/
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-45449 : Sensitive Information Exposure in Docker Desktop Versions 4.3.0 and 4.3.1