CVE-2022-26659

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.6.0

Description The issue allows an attacker to overwrite administrator-writable files by creating a symlink where the installer writes its log file. This can be exploited when the Docker Desktop installer is run on Windows. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to 4.6.0, update to version 4.6.0 or later to resolve the issue, as the new version writes log files to a location not writable by non-administrator users.