CVE-2019-15752
- Reference to the description:
- Description:
- Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
- Last updated date:
- 03/14/2025
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/23/2021
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/31/2020
- Reference url to background
https://medium.com/@morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/27/2021
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/25/2024
- Reference url to background
http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/25/2024
- Reference url to background
https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e