CVE-2021-45449
First published: Wed Jan 12 2022(Updated: )
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Docker Docker Desktop | =4.3.0 | |
| Docker Docker Desktop | =4.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this bug in Docker Desktop?
The vulnerability ID for this bug in Docker Desktop is CVE-2021-45449.
What is the severity level of the Docker Desktop bug with vulnerability ID CVE-2021-45449?
The severity level of the Docker Desktop bug with vulnerability ID CVE-2021-45449 is medium.
Which versions of Docker Desktop are affected by CVE-2021-45449?
Docker Desktop versions 4.3.0 and 4.3.1 are affected by CVE-2021-45449.
What is the impact of CVE-2021-45449?
CVE-2021-45449 may log sensitive information (access token or password) on the user's machine during login.
How can I fix the Docker Desktop bug with vulnerability ID CVE-2021-45449?
To fix the Docker Desktop bug with vulnerability ID CVE-2021-45449, users should upgrade to a version higher than 4.3.1.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/docker
- canonical/docker docker desktop
- version/docker docker desktop/4.3.0
- version/docker docker desktop/4.3.1