PT-2021-21883 · Docker · Docker Desktop

Published

2021-08-12

Updated

2022-07-12

CVE-2021-37841

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 3.6.0

Description: The issue is related to incorrect access control in Docker Desktop. If a low-privileged account can access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This allows an attacker with low privilege to read, write, and possibly even execute code inside the containers.

Recommendations: For Docker Desktop versions prior to 3.6.0, update to version 3.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the server running the Windows containers to prevent low-privileged accounts from accessing it.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2021-37841

Affected Products

Docker Desktop

PT-2021-21883 · Docker · Docker Desktop

CVE-2021-37841

Weakness Enumeration

Related Identifiers

Affected Products

References · 5