Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Desktop | Docker | * | 4.6.0 (excluding) |