CVE-2022-26659

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
dockerdocker_desktop
𝑥
< 4.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.docker.com/desktop/windows/release-notes/
https://docs.docker.com/docker-for-windows/release-notes/
https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md
https://docs.docker.com/desktop/windows/release-notes/
https://docs.docker.com/docker-for-windows/release-notes/
https://github.com/hmnthabit/Advisories/blob/master/CVE-2022-26659.md