PT-2023-13527 · Docker · Docker Desktop For Windows

Published: 2023-04-27 · Updated: 2025-01-31 · CVE-2022-37326

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0
Description: Docker Desktop for Windows before 4.6.0 allows attackers to delete or create any file through the "dockerBackendV2 windowscontainers/start" API endpoint by controlling the pidfile field inside the DaemonJSON field of the WindowsContainerStartRequest class. The endpoint acts on the caller-supplied pidfile path without sufficient authorization, so a local user with low privileges (AV:L/PR:L/UI:N in the vector) can have files created or removed in locations they could not otherwise write to. This can indirectly lead to privilege escalation.
Recommendations: Update Docker Desktop for Windows to version 4.6.0 or later. Where the update cannot be applied immediately, restrict access to the "dockerBackendV2 windowscontainers/start" API endpoint as a temporary workaround, and do not pass a pidfile field in the DaemonJSON field of the WindowsContainerStartRequest class to the affected endpoint until the update is in place.
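
The root cause described above is a privileged service honouring a path chosen by a less-privileged client. The following is an added example, not code from Docker Desktop or this advisory: it contrasts the vulnerable pattern (return the client's pidfile path verbatim) with a hardened resolver that normalises the Windows path and accepts only a plain file name directly inside a fixed directory. ALLOWED_PIDFILE_DIR, DEFAULT_PIDFILE_NAME and the function names are assumptions for illustration; the sample requests are constructed.

```python
import json
import ntpath

# Directory the privileged backend is allowed to place the daemon pidfile in.
# Illustrative value; it is an assumption, not Docker Desktop's real location.
ALLOWED_PIDFILE_DIR = r"C:\ProgramData\DockerDesktop\run"
DEFAULT_PIDFILE_NAME = "docker.pid"


class PidfileRejected(ValueError):
    """Raised when the client-supplied pidfile must not be honoured."""


def resolve_pidfile_unchecked(daemon_json: str) -> str:
    """Vulnerable pattern (illustrative): trust whatever path the client sent.

    A low-privileged caller can point this at any file the privileged service
    can reach, and the service will then create or remove that file on the
    caller's behalf.
    """
    cfg = json.loads(daemon_json)
    return cfg.get("pidfile", ntpath.join(ALLOWED_PIDFILE_DIR, DEFAULT_PIDFILE_NAME))


def resolve_pidfile(daemon_json: str, allowed_dir: str = ALLOWED_PIDFILE_DIR) -> str:
    """Hardened pattern: accept a pidfile only as a single file-name component
    directly inside allowed_dir, after Windows-style path normalisation."""
    try:
        cfg = json.loads(daemon_json)
    except json.JSONDecodeError as exc:
        raise PidfileRejected(f"DaemonJSON is not valid JSON: {exc}") from None
    if not isinstance(cfg, dict):
        raise PidfileRejected("DaemonJSON must be a JSON object")

    allowed_norm = ntpath.normpath(allowed_dir)
    pidfile = cfg.get("pidfile")
    if pidfile is None:
        # Client did not ask for a pidfile: use the service's own fixed default.
        return ntpath.join(allowed_norm, DEFAULT_PIDFILE_NAME)
    if not isinstance(pidfile, str) or "\x00" in pidfile:
        raise PidfileRejected("pidfile must be a string without NUL bytes")

    # Collapse '.', '..' and mixed separators before comparing, so a value like
    # 'run\..\..\Windows\x' is judged by where it actually points.
    candidate = ntpath.normpath(pidfile)

    drive, tail = ntpath.splitdrive(candidate)
    if drive.startswith("\\\\"):
        # UNC (\\server\share) and \\?\ device paths: never let the privileged
        # service open those on a client's say-so.
        raise PidfileRejected(f"UNC/device path not allowed: {pidfile!r}")
    if not drive or not tail.startswith("\\"):
        # Relative forms ('x.pid', 'C:x.pid', '\x.pid') resolve against the
        # service's working directory or current drive, which the client must
        # not be able to influence.
        raise PidfileRejected(f"pidfile must be an absolute path: {pidfile!r}")

    # Windows paths are case-insensitive. Comparing the parent directory only
    # permits exactly one file-name component below allowed_dir.
    if ntpath.dirname(candidate).lower() != allowed_norm.lower():
        raise PidfileRejected(f"pidfile outside {allowed_norm}: {pidfile!r}")
    return candidate


def accepts(daemon_json: str) -> bool:
    """True if the hardened resolver accepts the request, False if it rejects it."""
    try:
        resolve_pidfile(daemon_json)
    except PidfileRejected:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample requests, not captured from a real client.
    samples = [
        r'{"pidfile": "C:\\ProgramData\\DockerDesktop\\run\\docker.pid"}',
        r'{"pidfile": "C:/ProgramData/DockerDesktop/run/docker.pid"}',
        r'{"pidfile": "C:\\ProgramData\\DockerDesktop\\run\\..\\..\\..\\Windows\\System32\\config\\SAM"}',
        r'{"pidfile": "\\\\attacker\\share\\docker.pid"}',
        r'{"pidfile": "docker.pid"}',
        '{}',
    ]
    for s in samples:
        print(f"{'accept' if accepts(s) else 'reject':6}  {s}")
```

The lexical check above is only half of the control: the allowed directory itself must not be writable by unprivileged users, otherwise a junction or symbolic link placed inside it redirects the privileged create/delete elsewhere, so the service should also create the directory with a restrictive ACL and refuse to follow reparse points when it opens the pidfile.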

Fix

Update to Docker Desktop for Windows 4.6.0 or later (see Recommendations).

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2022-37326

Affected Products

Docker Desktop For Windows