Docker · Docker CLI · CVE-2021-41092
**Name of the Vulnerable Software and Affected Versions**
Docker CLI versions prior to 20.10.9
**Description**
A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. The issue is related to insufficient protection of credentials, which could allow a remote attacker to obtain arbitrary credentials.
**Recommendations**
For Docker CLI versions prior to 20.10.9, update to version 20.10.9 as soon as possible.
For users unable to update, ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the PATH.
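One way to audit a configuration file for the condition described in the workaround, as an added example that is not Docker's own code. It assumes the helper naming convention `docker-credential-<name>` and the `DOCKER_CONFIG` directory override; the function names, sample config and helper directory in `demo()` are constructed for illustration.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path


def missing_helpers(config_path, search_path=None):
    """Map each credsStore/credHelpers entry to its helper binary if that
    binary is absent or not executable on search_path (default: $PATH)."""
    cfg = json.loads(Path(config_path).read_text())
    wanted = {}
    if cfg.get("credsStore"):
        wanted["credsStore"] = cfg["credsStore"]
    for registry, name in (cfg.get("credHelpers") or {}).items():
        wanted[f"credHelpers[{registry}]"] = name
    missing = {}
    for entry, name in wanted.items():
        binary = f"docker-credential-{name}"  # assumed helper naming convention
        if shutil.which(binary, path=search_path) is None:
            missing[entry] = binary
    return missing


def demo():
    """Run the check on a constructed config and a constructed helper directory."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = Path(tmp, "bin")
        bindir.mkdir()
        for name, mode in (("pass", 0o755), ("noexec", 0o644)):
            helper = bindir / f"docker-credential-{name}"
            helper.write_text("#!/bin/sh\nexit 0\n")
            helper.chmod(mode)
        cfg = Path(tmp, "config.json")
        cfg.write_text(json.dumps({
            "credsStore": "absent",  # no such binary anywhere
            "credHelpers": {
                "my-private-registry.example.com": "pass",  # installed
                "registry.example.com": "noexec",  # present, not executable
            },
        }))
        return missing_helpers(cfg, search_path=str(bindir))


if __name__ == "__main__":
    base = os.environ.get("DOCKER_CONFIG") or str(Path.home() / ".docker")
    config = Path(base, "config.json")
    found = missing_helpers(config) if config.exists() else {}
    for entry, binary in found.items():
        print(f"{entry}: {binary} not found or not executable on PATH")
    raise SystemExit(1 if found else 0)
```

Run as a script, it exits non-zero when any configured helper cannot be resolved, so it can gate a login step on hosts that cannot yet be updated.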