Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-11492 PoC — Docker 竞争条件问题漏洞

Source
https://github.com/CrackerCat/CVE-2020-11492
Associated Vulnerability
Title:Docker 竞争条件问题漏洞 (CVE-2020-11492)
Description:An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.
Readme
# CVE-2020-11492

Proof-of-Concept (PoC) for Docker Desktop for Windows privilege escalation vulnerability. This vulnerability was
patched in Docker version 2.3.0.2 on May 11th, 2020.

This PoC performs the following:

- creates a named pipe mimicking docker named pipe `\\.\\pipe\\dockerLifecycleServer`,
- call `ImpersonateNamedPipeClient` after connection from docker service,
- retrieve and duplicate the impersonated access token from the current thread,
- launch a new process with the token. The new process will run as `SYSTEM`.

# References
- https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/
File Snapshot

 [4.0K]  /data/pocs/bcf8d7e4b63441d4e2c019b0c0db6a7360bebee9
├── [4.0K]  CVE-2020-11492
│   ├── [3.7K]  CVE-2020-11492.cpp
│   ├── [7.2K]  CVE-2020-11492.vcxproj
│   └── [1.0K]  CVE-2020-11492.vcxproj.filters
├── [5.8M]  cve-2020-11492.gif
├── [1.4K]  CVE-2020-11492.sln
└── [ 650]  README.md

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →