PT-2021-7301 · Docker+5 · Docker Cli+5

Lowthajeztah · Published 2021-10-04 · Updated 2026-02-06 · CVE-2021-41092

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Docker CLI versions prior to 20.10.9

Description

A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to registry-1.docker.io rather than the intended private registry. The issue is related to insufficient protection of credentials, which could allow a remote attacker to obtain arbitrary credentials.

Recommendations

For Docker CLI versions prior to 20.10.9, update to version 20.10.9 as soon as possible. For users unable to update, ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
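
The workaround check in the recommendation can be automated. The Python script below is an added example, not part of the original advisory or of Docker's code: it reads config.json and reports every credsStore or credHelpers entry whose helper binary is not executable on the PATH. It assumes Docker's docker-credential-<name> naming for helper binaries and the DOCKER_CONFIG directory override; the function names are this example's own.

```python
import json
import os
import shutil
from pathlib import Path

# Assumption: helpers are looked up as "docker-credential-<name>" on the PATH.
HELPER_PREFIX = "docker-credential-"


def configured_helpers(config):
    """Map each helper name in the config to the settings that reference it."""
    refs = {}
    store = config.get("credsStore")
    if store:
        refs.setdefault(store, []).append("credsStore")
    for registry, helper in (config.get("credHelpers") or {}).items():
        if helper:
            refs.setdefault(helper, []).append(f"credHelpers[{registry}]")
    return refs


def missing_helpers(config, path=None):
    """Return {binary: [references]} for helpers that cannot be executed.

    path is a PATH-style string; None means the current process PATH.
    """
    missing = {}
    for name, where in configured_helpers(config).items():
        binary = HELPER_PREFIX + name
        # shutil.which only matches files that exist and are executable.
        if shutil.which(binary, path=path) is None:
            missing[binary] = where
    return missing


def audit(config_file, path=None):
    """Audit one config.json; an absent file has no helpers configured."""
    config_file = Path(config_file)
    if not config_file.is_file():
        return {}
    return missing_helpers(json.loads(config_file.read_text()), path=path)


if __name__ == "__main__":
    cfg_dir = os.environ.get("DOCKER_CONFIG", str(Path.home() / ".docker"))
    problems = audit(Path(cfg_dir) / "config.json")
    for binary, where in problems.items():
        print(f"{binary}: not executable on PATH ({', '.join(where)})")
    raise SystemExit(1 if problems else 0)
```

A non-zero exit status means at least one configured helper cannot be run, which is the misconfiguration the description names for CLI versions prior to 20.10.9.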

Fix

Information Disclosure

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

ALT-PU-2021-4839
ALT-PU-2021-4841
BDU:2022-05502
BIT-DOCKER-CLI-2021-41092
CVE-2021-41092
GHSA-99PG-GRM5-QQ3V
GO-2024-2912
MGASA-2021-0500
OESA-2022-1739
OPENSUSE-SU-2021:1404-1
OPENSUSE-SU-2021:3506-1
OPENSUSE-SU-2021_1404-1
OPENSUSE-SU-2021_3506-1
OPENSUSE-SU-2022:0334-1
OPENSUSE-SU-2022_0334-1
OPENSUSE-SU-2024:11566-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2021:3336-1
SUSE-SU-2021:3506-1
SUSE-SU-2022:0213-1
SUSE-SU-2022:0334-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1
USN-5134-1

Affected Products

Alt Linux
Astra Linux
Docker Cli
Linuxmint
Suse
Ubuntu