5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-41092

GHSA ID

GHSA-99pg-grm5-qq3v

EPSS Score

0.23846%

CWE

CWE-200

Published

6/10/2024

Updated

7/5/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-41092

CVE-2021-41092: Docker CLI leaks private registry credentials to registry-1.docker.io

Impact

A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to registry-1.docker.io rather than the intended private registry.

Patches

This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible.

Workarounds

Ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.

For more information

If you have any questions or comments about this advisory:

Open an issue
Email us at security@docker.com if you think you’ve found a security bug

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-41092

CVE-2021-41092:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-41092

GHSA ID

GHSA-99pg-grm5-qq3v

EPSS Score

0.23846%

CWE

CWE-200

Published

6/10/2024

Updated

7/5/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/docker/cli	go	< 20.10.9	20.10.9

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how credential helpers are handled in authentication flow. The commit diff shows critical changes to GetDefaultAuthConfig's error handling - previously returning nil AuthConfig on helper errors (leading to default registry fallback), now returning a struct with serverAddress. The added test TestGetDefaultAuthConfig_HelperError in registry_test.go validates this fix. ConfigureAuth's parameter handling changes (pointer vs value) in login.go and registry.go indicate it was part of the credential flow that failed to properly validate helper executability before falling back to insecure behavior.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-41092: Docker CLI leaks private registry credentials to registry-1.docker.io

Impact

Patches

Workarounds

For more information

CVE-2021-41092:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2021-41092: Docker CLI leaks private registry credentials to registry-1.docker.io

Impact

Patches

Workarounds

For more information

5.4

5.4

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI