CVE-2021-37841
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/08/2021
Last modified:
12/07/2022
Description
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:docker:desktop:*:*:*:*:windows:*:*:* | 3.6.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page