Bug 2023449 (CVE-2021-41092) - CVE-2021-41092 docker: cli leaks private registry credentials to registry-1.docker.io
Summary: CVE-2021-41092 docker: cli leaks private registry credentials to registry-1.d...
Keywords:
Status: NEW
Alias: CVE-2021-41092
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2025487 2025489
Blocks: 2023450
TreeView+ depends on / blocked
 
Reported: 2021-11-15 18:16 UTC by Michael Kaplan
Modified: 2024-03-14 18:52 UTC (History)
29 users (show)

Fixed In Version: docker-cli 20.10.9
Doc Type: If docs needed, set a value
Doc Text:
A confidential data leak vulnerability was found in Docker CLI. The execution of `docker login` to a private registry may send provided credentials in a misconfigured docker credentials store to the registry-1.docker.io rather than the specified private registry. This flaw allows an attacker to steal private registry credentials. The highest threat from this vulnerability is to confidentiality.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Michael Kaplan 2021-11-15 18:16:17 UTC 
A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.

References:

https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
Note You need to log in before you can comment on or make changes to this bug.