Docker Cli
Approved changes feed: RSS · Atom
cpe:2.3:a:docker:docker_cli:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Docker (fb312c2d-be4d-5919-b619-61409dcafa2c) |
|---|---|
| Product | Docker Cli (255db6f4-1c23-5f05-a8cc-de9b5a1cb435) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-15558 |
not_vulnerable | 2026-06-03 14:58:57.331432 |
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user.
This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose.
This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.
Published: 2026-03-04T16:14:32.045Z
Updated: 2026-03-05T04:55:47.099Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.