CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
48.0%
Docker CLI is the command line interface for the docker container runtime.
A bug was found in the Docker CLI where running docker login my-private-registry.example.com
with a misconfigured configuration file
(typically ~/.docker/config.json
) listing a credsStore
or credHelpers
that could not be executed would result in any provided credentials being
sent to registry-1.docker.io
rather than the intended private registry.
This bug has been fixed in Docker CLI 20.10.9. Users should update to this
version as soon as possible. For users unable to update ensure that any
configured credsStore or credHelpers entries in the configuration file
reference an installed credential helper that is executable and on the
PATH.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | docker.io | < 20.10.7-0ubuntu5~18.04.3 | UNKNOWN |
ubuntu | 20.04 | noarch | docker.io | < 20.10.7-0ubuntu5~20.04.2 | UNKNOWN |
ubuntu | 21.04 | noarch | docker.io | < 20.10.7-0ubuntu5~21.04.2 | UNKNOWN |
ubuntu | 21.10 | noarch | docker.io | < 20.10.7-0ubuntu5.1 | UNKNOWN |
ubuntu | 22.04 | noarch | docker.io | < 20.10.7-0ubuntu7 | UNKNOWN |
ubuntu | 22.10 | noarch | docker.io | < 20.10.7-0ubuntu7 | UNKNOWN |
ubuntu | 23.04 | noarch | docker.io | < 20.10.7-0ubuntu7 | UNKNOWN |
ubuntu | 23.10 | noarch | docker.io | < 20.10.7-0ubuntu7 | UNKNOWN |
ubuntu | 24.04 | noarch | docker.io | < 20.10.7-0ubuntu7 | UNKNOWN |
ubuntu | 16.04 | noarch | docker.io | < any | UNKNOWN |
github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
launchpad.net/bugs/cve/CVE-2021-41092
nvd.nist.gov/vuln/detail/CVE-2021-41092
security-tracker.debian.org/tracker/CVE-2021-41092
ubuntu.com/security/notices/USN-5134-1
www.cve.org/CVERecord?id=CVE-2021-41092
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
48.0%