CVE-2021-44719

8.4 HIGH

📋 TL;DR

CVE-2021-44719 is an incorrect access control vulnerability in Docker Desktop 4.3.0 that allows unauthorized users to access Docker Desktop features and potentially execute arbitrary code. This affects users running Docker Desktop 4.3.0 on macOS and Windows systems. The vulnerability stems from improper permission validation in the Docker Desktop interface.

💻 Affected Systems

Products:
  • Docker Desktop
Versions: 4.3.0 only
Operating Systems: macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Docker Desktop 4.3.0; earlier and later versions are not vulnerable. Docker Engine (non-Desktop) is not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could gain root/administrator privileges, execute arbitrary code, access sensitive container data, and potentially pivot to host system compromise.

🟠

Likely Case

Unauthorized users on shared systems could access Docker containers, modify configurations, run unauthorized containers, and potentially access sensitive application data within containers.

🟢

If Mitigated

With proper access controls and patching, the risk is limited to authorized users only accessing Docker Desktop features as intended.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring local system access.
🏢 Internal Only: HIGH - On shared workstations or development environments, unauthorized users could exploit this to access Docker resources and potentially compromise containers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. No public exploit code has been released, but the vulnerability is straightforward to exploit given local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.1 and later

Vendor Advisory: https://docs.docker.com/desktop/release-notes/#security-2

Restart Required: Yes

Instructions:

1. Open Docker Desktop.
2. Click on the Docker icon in the system tray/menu bar.
3. Select 'Check for Updates'.
4. If an update to 4.3.1 or later is available, click 'Update and Restart'.
5. Alternatively, download the latest version from docker.com/products/docker-desktop and install it.

🔧 Temporary Workarounds

Restrict Docker Desktop Access

all

Limit Docker Desktop usage to authorized users only and ensure proper user account separation on shared systems.

Use Docker Engine Instead

all

For development environments, consider using Docker Engine directly instead of Docker Desktop if feasible.

🧯 If You Can't Patch

  • Restrict physical and remote access to systems running vulnerable Docker Desktop versions
  • Implement strict user account controls and ensure Docker Desktop is only used by authorized administrators

🔍 How to Verify

Check if Vulnerable:

Check Docker Desktop version in Settings > General > About Docker Desktop. If version is exactly 4.3.0, the system is vulnerable.

Check Version:

On macOS: run 'open -a Docker' to launch Docker Desktop, then check About Docker Desktop. On Windows: right-click the Docker tray icon > About Docker Desktop.

Verify Fix Applied:

After updating, verify version is 4.3.1 or later in Settings > General > About Docker Desktop.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Docker Desktop components
  • Unexpected privilege escalation events in system logs
  • Unusual container creation or modification events

Network Indicators:

  • Unexpected Docker API calls from unauthorized user accounts
  • Unusual container network activity from non-admin users

SIEM Query:

source="docker" AND (event="unauthorized_access" OR user!="authorized_user")
