This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A critical privilege escalation flaw in Docker Desktop for Windows.β¦
π‘οΈ **Root Cause**: Improper Access Control & File Path Manipulation. π The vulnerability lies in the `%PROGRAMDATA%\DockerDesktop\version-bin` directory.β¦
π― **Affected**: Docker Desktop Community Edition. π **Version**: All versions **prior to 2.1.0.1**. π₯οΈ **Platform**: Windows OS (implied by `%PROGRAMDATA%` and `wincred`).β¦
π **Attacker Action**: Place a malicious `docker-credential-wincred.exe` in the target bin directory. π **Result**: When Docker runs, it executes the malicious file instead of the real one.β¦
βοΈ **Threshold**: Medium-High for Local Attack. π **Auth**: Requires **Local User Access** (no remote exploit). π **Config**: Attacker must have write permissions to `%PROGRAMDATA%\DockerDesktop\version-bin`.β¦
π’ **Public Exploit**: Yes. π **References**: PacketStorm Security (File ID: 157404) and Medium articles detail the EoP technique. π **Wild Exploitation**: Likely limited to local attackers with access.β¦
β **Fixed**: Yes. π¦ **Patch**: Upgrade Docker Desktop Community Edition to **version 2.1.0.1 or later**. π **Mitigation**: The vendor addressed the file verification logic in the update.β¦
π₯ **Urgency**: HIGH for Windows Docker Users. π **Priority**: P1/P2. β οΈ **Reason**: Easy local exploitation by any local user. π’ **Impact**: Compromises container security and host credentials.β¦