Github.Com Docker Cli vulnerabilities

CVE-2025-15558 [HIGH] CWE-427 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows This issue affects Docker CLI through 29.1.5 ### Impact Docker CLI for Windows searches for plugin binaries in `C:\ProgramData\Docker\cli-plugins`, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI

CVE-2021-41092 [MEDIUM] CWE-200 Docker CLI leaks private registry credentials to registry-1.docker.io Docker CLI leaks private registry credentials to registry-1.docker.io ## Impact A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io`