CVE-2019-15752
Published: 28 August 2019
Summary
CVE-2019-15752 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Docker Docker. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 2.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).
Deeper analysis
Docker Desktop Community Edition before version 2.1.0.1 is affected by a local privilege escalation vulnerability tracked as CVE-2019-15752 and assigned CWE-732. The flaw stems from insecure default permissions on the %PROGRAMDATA%\DockerDesktop\version-bin\ directory, which permits unprivileged users to introduce arbitrary executables that are later invoked by the Docker credential helper mechanism.
A low-privilege local attacker can drop a malicious docker-credential-wincred.exe into the writable directory and then wait for an administrator or service account to trigger Docker authentication, a service restart, or the “docker login” command. When the helper is executed, the attacker’s binary runs with the higher privileges of the invoking user, resulting in full control over the host (CVSS 7.8).
Public references include proof-of-concept exploit code demonstrating the attack and a technical write-up detailing the directory permission issue; the provided description indicates the flaw is resolved by upgrading to Docker Desktop Community Edition 2.1.0.1 or later.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-6687
Vulnerability details
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker,…
more
or run 'docker login' to force the command.
- CWE(s)
- KEV Date Added
- 03 November 2021
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: trojan
Related Threats
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces access restrictions on %PROGRAMDATA%\DockerDesktop\version-bin\ so low-privilege users cannot write docker-credential-wincred.exe.
Restricts modification of Docker credential-helper binaries and directories to authorized administrators only.
Detects unauthorized replacement of docker-credential-wincred.exe before an elevated user executes the Trojan.