7.5
CVSSv3

CVE-2021-41092

Published: 04/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. Users who cannot update should ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.
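The workaround above can be checked mechanically. The following is an added example, not code from Docker or from this advisory: it reads a Docker CLI configuration and reports every `credsStore` or `credHelpers` entry whose helper binary is not executable on the `PATH`. It relies on Docker's convention that a helper named `X` is the binary `docker-credential-X`; the sample configuration, the second registry name and the temporary directory in `demo()` are constructed for illustration.

```python
import json
import os
import shutil
import tempfile

HELPER_PREFIX = "docker-credential-"  # helper binaries are named docker-credential-<name>


def configured_helpers(config):
    """Map each helper name in the config to the keys that reference it."""
    refs = {}
    if config.get("credsStore"):
        refs.setdefault(config["credsStore"], []).append("credsStore")
    for registry, helper in (config.get("credHelpers") or {}).items():
        refs.setdefault(helper, []).append(f"credHelpers[{registry}]")
    return refs


def missing_helpers(config, path=None):
    """Return {binary: [config keys]} for helpers that are not executable on PATH."""
    missing = {}
    for name, keys in configured_helpers(config).items():
        binary = HELPER_PREFIX + name
        # shutil.which only matches files that exist and are executable
        if shutil.which(binary, path=path) is None:
            missing[binary] = keys
    return missing


def demo():
    """Check a constructed config against a constructed PATH directory."""
    config = json.loads('{"credsStore": "desktop", "credHelpers": {'
                        '"my-private-registry.example.com": "pass", '
                        '"other.example.com": "secretservice"}}')
    with tempfile.TemporaryDirectory() as bindir:
        for name, mode in (("pass", 0o755), ("secretservice", 0o644)):
            helper = os.path.join(bindir, HELPER_PREFIX + name)
            with open(helper, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(helper, mode)  # 0o644: present but not executable
        return missing_helpers(config, path=bindir)


if __name__ == "__main__":
    for binary, keys in demo().items():
        print(f"{binary}: not executable on PATH (referenced by {', '.join(keys)})")
```

To audit a real host, pass the parsed contents of `~/.docker/config.json` to `missing_helpers()` and leave `path` unset so the current `PATH` is searched; any entry it returns matches the misconfiguration described in the summary.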

Vulnerable Product

docker command line interface

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Debian Bug report logs - #998292 docker.io: CVE-2021-41092: Docker CLI leaks private registry credentials to registry-1.docker.io Package: src:docker.io; Maintainer for src:docker.io is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 1 Nov 20 ...
A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating pr ...
A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted data (CVE-2021-41089). Moby is an open ...
A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted data (CVE-2021-41089). Moby is an open-source pro ...
Severity Unknown Remote Unknown Type Unknown Description AVG-2440 docker 1:20.10.8-1 1:20.10.9-1 Medium Fixed ...