CVE-2020-10665

Published: Mar 18, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.

Affected (3)

Products: Docker: Desktop

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Docker Desktop	Before 2.2.2.0
Docker Desktop	Before 2.1.0.9
Docker Desktop	Before 2.2.0.4

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

https://docs.docker.com/release-notes/

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/spaceraccoon/CVE-2020-10665

Source: cve@mitre.org

ExploitThird Party Advisory

https://docs.docker.com/release-notes/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/spaceraccoon/CVE-2020-10665

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.