Vulnerability Description
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Docker | Desktop | < 2.1.0.9 |
Related Weaknesses (CWE)
References
- https://docs.docker.com/release-notes/Release NotesVendor Advisory
- https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.mdThird Party Advisory
- https://github.com/spaceraccoon/CVE-2020-10665ExploitThird Party Advisory
- https://docs.docker.com/release-notes/Release NotesVendor Advisory
- https://github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-002.mdThird Party Advisory
- https://github.com/spaceraccoon/CVE-2020-10665ExploitThird Party Advisory
FAQ
What is CVE-2020-10665?
CVE-2020-10665 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwri...
How severe is CVE-2020-10665?
CVE-2020-10665 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10665?
Check the references section above for vendor advisories and patch information. Affected products include: Docker Desktop.