CVE-2021-37841
First published: Thu Aug 12 2021(Updated: )
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Docker Desktop | <3.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Docker Desktop vulnerability?
The vulnerability ID for this Docker Desktop vulnerability is CVE-2021-37841.
What is the severity level of CVE-2021-37841?
CVE-2021-37841 has a severity level of 7.8 (high).
What is the affected software for CVE-2021-37841?
The affected software for CVE-2021-37841 is Docker Desktop before version 3.6.0 on Windows.
How can a low-privileged account exploit CVE-2021-37841?
If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes.
How can I fix CVE-2021-37841?
To fix CVE-2021-37841, update Docker Desktop to version 3.6.0 or newer.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/docker
- canonical/docker desktop