PT-2020-12644 · Docker · Docker Desktop

Ceri Coburn · Published 2020-05-28 · Updated 2022-07-12 · CVE-2020-11492

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions through 2.2.0.5

Description: An issue allows a local attacker to intercept a connection attempt from Docker Service, which runs as SYSTEM, by setting up their own named pipe with the same name prior to starting Docker. This enables the attacker to impersonate the privileges of the Docker Service.

Recommendations: For Docker Desktop versions through 2.2.0.5, update to a version later than 2.2.0.5 to resolve the issue. As a temporary workaround, consider restricting access to named pipes to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2020-11492

Affected Products

Docker Desktop