Cyber Resilience

CVE-2019-15752

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · LPE

Published: 28 August 2019

Modified: 06 November 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.4560 (97.7th percentile)
Risk Priority: 63 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-15752 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Docker. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 2.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other AI Platforms.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Deeper analysis

Docker Desktop Community Edition before version 2.1.0.1 is affected by a local privilege escalation vulnerability tracked as CVE-2019-15752 and assigned CWE-732. The flaw stems from insecure default permissions on the %PROGRAMDATA%\DockerDesktop\version-bin\ directory, which permits unprivileged users to introduce arbitrary executables that are later invoked by the Docker credential helper mechanism.

A low-privilege local attacker can drop a malicious docker-credential-wincred.exe into the writable directory and then wait for an administrator or service account to trigger Docker authentication, a service restart, or the “docker login” command. When the helper is executed, the attacker’s binary runs with the higher privileges of the invoking user, resulting in full control over the host (CVSS 7.8).

Public references include proof-of-concept exploit code demonstrating the attack and a technical write-up detailing the directory permission issue; the provided description indicates the flaw is resolved by upgrading to Docker Desktop Community Edition 2.1.0.1 or later.

Vulnerability details

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.

CWE(s)
KEV Date Added: 03 November 2021

AI Security Analysis

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: trojan

Affected Assets

docker docker ≤ 2.1.0.1
apache geode 1.12.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces access restrictions on %PROGRAMDATA%\DockerDesktop\version-bin\ so low-privilege users cannot write docker-credential-wincred.exe.

Prevent: Restricts modification of Docker credential-helper binaries and directories to authorized administrators only.

Detect: Detects unauthorized replacement of docker-credential-wincred.exe before an elevated user executes the Trojan.
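
A check for the conditions these controls address, as an added PowerShell example that is not from the advisory or from Docker: it lists ACEs that grant write-type rights on the version-bin directory and the credential helper to any principal outside a trusted set, and records the helper's signature, owner and hash. The trusted SID list and the function name Get-UntrustedWriteAce are assumptions of this example.

```powershell
# Added example (not vendor code): audit the directory named in this advisory.
$dir    = Join-Path $env:ProgramData 'DockerDesktop\version-bin'
$helper = Join-Path $dir 'docker-credential-wincred.exe'

# Assumption: only these well-known SIDs should hold write access here.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal create, replace or re-permission files, plus the
# raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$named -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Resolve identities to SIDs so the check does not depend on OS language.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
            $trustedSids -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            $sid = $_.IdentityReference
            try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $name = $sid.Value }
            [pscustomobject]@{ Path = $Path; Identity = $name
                               Rights = $_.FileSystemRights; Inherited = $_.IsInherited }
        }
}

if (-not (Test-Path -LiteralPath $dir)) { Write-Output "Not present: $dir"; return }

$findings = @(Get-UntrustedWriteAce -Path $dir)
if (Test-Path -LiteralPath $helper) {
    $findings += @(Get-UntrustedWriteAce -Path $helper)
    # Record signature, owner and hash for comparison against a known-good install.
    $sig = Get-AuthenticodeSignature -FilePath $helper
    [pscustomobject]@{ Helper = $helper; Signature = $sig.Status
                       Signer = $sig.SignerCertificate.Subject
                       Owner  = (Get-Acl -LiteralPath $helper).Owner
                       SHA256 = (Get-FileHash -LiteralPath $helper -Algorithm SHA256).Hash }
}
if ($findings) { $findings | Format-Table -AutoSize } else { Write-Output "No untrusted write ACEs on $dir" }
```

Any row returned for a principal such as BUILTIN\Users or Authenticated Users indicates the permission weakness described in this entry is present on the host.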

References