Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

CVE-2022-26659: Arbitrary File Write in Docker Desktop Installer 4.5.1

Information

  • Vulnerability: Arbitrary File Write
  • Vendor: Docker
  • Affected products: Docker Desktop installer prior to version 4.6.0
  • CVE ID: CVE-2022-26659

Summary

An arbitrary file write vulnerability exists in Docker Desktop Installer 4.5.1 that allows an unprivileged attacker to cause a denial of service via local system access.

The affected program tries to create/write install-log.txt in %LOCALAPPDATA%\Docker\ directory with high integrity. The attacker could create a symlink with install-log.txt name that points to any arbitrary path (CreatSymlink.exe %LOCALAPPDATA%\Docker\install-log.txt C://target_path/target_file.exe). After the Docker Desktop Installer runs, the file will be created in the target path. If the target file already exists, the installer will overwrite the target file with its log data.

Mitigation

The vulnerability was mitigated by using another directory with the proper Discretionary Access Control List (DACL) for writing the logs.

Timeline

  • 2022-02-10: Discoverd the vulnerablity
  • 2022-02-11: Sent the report to Docker Security Team
  • 2022-02-16: Docker confirms the vulnerability
  • 2022-03-07: CVE-2022-26659 assigned
  • 2022-03-26: Public advisory published