Refine your search
95 vulnerabilities found for by Docker
CVE-2025-62725 (GCVE-0-2025-62725)
Vulnerability from cvelistv5
Published
2025-10-27 20:37
Modified
2025-10-28 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T14:47:30.993646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T14:47:42.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "compose",
"vendor": "docker",
"versions": [
{
"status": "affected",
"version": "\u003c 2.40.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker\u2011supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read\u2011only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T20:37:32.340Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q"
},
{
"name": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176"
}
],
"source": {
"advisory": "GHSA-gv8h-7v7w-r22q",
"discovery": "UNKNOWN"
},
"title": "Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62725",
"datePublished": "2025-10-27T20:37:32.340Z",
"dateReserved": "2025-10-20T19:41:22.742Z",
"dateUpdated": "2025-10-28T14:47:42.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9164 (GCVE-0-2025-9164)
Vulnerability from cvelistv5
Published
2025-10-27 13:53
Modified
2025-10-28 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , ≤ 4.48.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T03:56:02.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThanOrEqual": "4.48.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:windows:*:*:*:*:*",
"versionEndIncluding": "4.48.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mahmoud NourEldin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user\u0027s Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.\u003cp\u003eThis issue affects Docker Desktop: through 4.48.0.\u003c/p\u003e"
}
],
"value": "Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user\u0027s Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
},
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
},
{
"capecId": "CAPEC-640",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-640 Inclusion of Code in Existing Process"
}
]
},
{
"capecId": "CAPEC-159",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-159 Redirect Access to Libraries"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T13:55:28.201Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-9164",
"datePublished": "2025-10-27T13:53:40.216Z",
"dateReserved": "2025-08-19T13:19:17.483Z",
"dateUpdated": "2025-10-28T03:56:02.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10657 (GCVE-0-2025-10657)
Vulnerability from cvelistv5
Published
2025-09-26 21:05
Modified
2025-09-30 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions to restrict commands that a container with a Docker socket mount may issue on that socket.
Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands.
The vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
4.46.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:55:08.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"status": "affected",
"version": "4.46.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In a hardened Docker environment, with Enhanced Container Isolation (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/\"\u003eECI\u003c/a\u003e) enabled, an administrator can utilize the command restrictions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions\"\u003efeature\u003c/a\u003e\u0026nbsp;to restrict commands that a container with a Docker socket mount may issue on that socket.\u003cbr\u003eDue to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions \u00a0to restrict commands that a container with a Docker socket mount may issue on that socket.\nDue to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands.\n\nThe vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T21:05:19.043Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Docker Desktop with ECI Fails to Enforce Socket Command Restrictions",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-10657",
"datePublished": "2025-09-26T21:05:19.043Z",
"dateReserved": "2025-09-17T20:55:36.396Z",
"dateUpdated": "2025-09-30T03:55:08.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9074 (GCVE-0-2025-9074)
Vulnerability from cvelistv5
Published
2025-08-20 13:28
Modified
2025-09-25 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
4.25 , < 4.44.3
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9074",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T03:55:21.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/"
},
{
"tags": [
"exploit"
],
"url": "https://blog.qwertysecurity.com/Articles/blog3"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-09-25T16:43:01.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://blog.qwertysecurity.com/Articles/blog3.html"
},
{
"url": "https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/"
},
{
"url": "https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-9074-mitigate-docker-desktop-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-9074-detect-docker-desktop-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.44.3",
"status": "affected",
"version": "4.25",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Boulet"
},
{
"lang": "en",
"type": "finder",
"value": "zer0x64 (Philippe Dugre)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the \"Expose daemon on tcp://localhost:2375 without TLS\" option enabled.\u003cbr\u003eThis can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.\u003cbr\u003e"
}
],
"value": "A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the \"Expose daemon on tcp://localhost:2375 without TLS\" option enabled.\nThis can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T13:31:13.886Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4443"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Docker Desktop allows unauthenticated access to Docker Engine API from containers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-9074",
"datePublished": "2025-08-20T13:28:35.553Z",
"dateReserved": "2025-08-15T15:08:07.774Z",
"dateUpdated": "2025-09-25T16:43:01.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6587 (GCVE-0-2025-6587)
Vulnerability from cvelistv5
Published
2025-07-03 10:03
Modified
2025-07-04 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.
A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.43.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T03:55:30.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.43.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u0026nbsp;\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u00a0\nA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T10:13:53.570Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of system environment variables in Docker Desktop diagnostic logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-6587",
"datePublished": "2025-07-03T10:03:27.155Z",
"dateReserved": "2025-06-24T20:47:44.847Z",
"dateUpdated": "2025-07-04T03:55:30.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3911 (GCVE-0-2025-3911)
Vulnerability from cvelistv5
Published
2025-04-29 17:20
Modified
2025-04-29 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc.
A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.41.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:58:42.810551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:58:50.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.41.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u0026nbsp;unintentional disclosure of sensitive information such as api keys, passwords, etc.\u003cbr\u003e\u003cbr\u003eA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.\u003cbr\u003e"
}
],
"value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u00a0unintentional disclosure of sensitive information such as api keys, passwords, etc.\n\nA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:20:34.740Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure in Docker Desktop logs of environment variables configured for running containers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-3911",
"datePublished": "2025-04-29T17:20:34.740Z",
"dateReserved": "2025-04-23T20:43:14.232Z",
"dateUpdated": "2025-04-29T17:58:50.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4095 (GCVE-0-2025-4095)
Vulnerability from cvelistv5
Published
2025-04-29 17:16
Modified
2025-04-29 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
4.36.0 , < 4.41.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:59:56.533245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T18:00:02.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.41.0",
"status": "affected",
"version": "4.36.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry."
}
],
"value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:16:16.894Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-4095",
"datePublished": "2025-04-29T17:16:16.894Z",
"dateReserved": "2025-04-29T14:22:36.344Z",
"dateUpdated": "2025-04-29T18:00:02.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3224 (GCVE-0-2025-3224)
Vulnerability from cvelistv5
Published
2025-04-28 19:21
Modified
2025-04-28 19:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.41.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T19:42:52.263626Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T19:43:24.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.41.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dong-uk Kim, KAIST Hacking Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0\u0026nbsp;could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path \u003ccode\u003eC:\\ProgramData\\Docker\\config\u003c/code\u003e with high privileges. However, this directory often does not exist by default, and \u003ccode\u003eC:\\ProgramData\\\u003c/code\u003e allows normal users to create new directories. By creating a malicious \u003ccode\u003eDocker\\config\u003c/code\u003e folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0\u00a0could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\\ProgramData\\Docker\\config with high privileges. However, this directory often does not exist by default, and C:\\ProgramData\\ allows normal users to create new directories. By creating a malicious Docker\\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T19:21:15.851Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-3224",
"datePublished": "2025-04-28T19:21:15.851Z",
"dateReserved": "2025-04-03T14:06:28.660Z",
"dateUpdated": "2025-04-28T19:43:24.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0495 (GCVE-0-2025-0495)
Vulnerability from cvelistv5
Published
2025-03-17 19:21
Modified
2025-03-18 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.
Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records.
This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T16:25:23.455442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T16:25:42.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "buildx",
"product": "buildx",
"repo": "https://github.com/docker/buildx",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "0.21.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBuildx is a Docker CLI plugin that extends build capabilities using BuildKit.\u003c/p\u003e\u003cp\u003eCache backends support credentials by setting secrets directly as attribute values in \u003ccode\u003ecache-to/cache-from\u003c/code\u003e\u0026nbsp;configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u0026nbsp;OpenTelemetry traces are also saved in BuildKit daemon\u0027s history records.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability does not impact secrets passed to the Github cache backend\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evia environment variables or registry authentication\u003c/span\u003e.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.\n\nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from\u00a0configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u00a0OpenTelemetry traces are also saved in BuildKit daemon\u0027s history records.\n\n\nThis vulnerability does not impact secrets passed to the Github cache backend\u00a0via environment variables or registry authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Identifiers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T19:21:11.295Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://github.com/docker/buildx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Secrets leakage to telemetry endpoint via cache backend configuration via buildx",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-0495",
"datePublished": "2025-03-17T19:21:11.295Z",
"dateReserved": "2025-01-15T15:26:40.672Z",
"dateUpdated": "2025-03-18T16:25:42.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1696 (GCVE-0-2025-1696)
Vulnerability from cvelistv5
Published
2025-03-06 11:58
Modified
2025-03-06 16:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.39.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T16:15:38.635400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T16:15:52.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.39.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop proxy is configured with Basic HTTP authentication scheme"
}
],
"value": "Docker Desktop proxy is configured with Basic HTTP authentication scheme"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
}
],
"value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T11:58:43.389Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"url": "https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies"
},
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Exposure of Proxy Credentials in Docker Desktop Logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2025-1696",
"datePublished": "2025-03-06T11:58:43.389Z",
"dateReserved": "2025-02-25T16:19:49.992Z",
"dateUpdated": "2025-03-06T16:15:52.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9348 (GCVE-0-2024-9348)
Vulnerability from cvelistv5
Published
2024-10-16 14:50
Modified
2024-10-17 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.34.3
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "desktop",
"vendor": "docker",
"versions": [
{
"lessThan": "4.34.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:25:16.890959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:30:08.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Builds view"
],
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.34.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cure53"
}
],
"datePublic": "2024-10-09T15:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view."
}
],
"value": "Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:50:06.031Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4343"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to Docker Desktop 4.34.3 or later"
}
],
"value": "Update to Docker Desktop 4.34.3 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2024-9348",
"datePublished": "2024-10-16T14:50:06.031Z",
"dateReserved": "2024-09-30T16:27:33.193Z",
"dateUpdated": "2024-10-17T13:30:08.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8696 (GCVE-0-2024-8696)
Vulnerability from cvelistv5
Published
2024-09-12 17:54
Modified
2024-09-12 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.34.2
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "docker_desktop",
"vendor": "docker",
"versions": [
{
"lessThan": "4.34.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:25:46.342468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:27:18.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Docker Extensions"
],
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.34.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Extensions are enabled"
}
],
"value": "Docker Extensions are enabled"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cure53"
}
],
"datePublic": "2024-09-12T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2."
}
],
"value": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:54:34.968Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4342"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions\"\u003eTurn off\u0026nbsp;Docker Extensions\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Turn off\u00a0Docker Extensions https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Configure a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/private-marketplace/\"\u003eprivate marketplace\u003c/a\u003e with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"value": "Configure a private marketplace https://docs.docker.com/extensions/private-marketplace/ with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2024-8696",
"datePublished": "2024-09-12T17:54:34.968Z",
"dateReserved": "2024-09-11T12:15:42.463Z",
"dateUpdated": "2024-09-12T19:27:18.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8695 (GCVE-0-2024-8695)
Vulnerability from cvelistv5
Published
2024-09-12 17:52
Modified
2024-09-12 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
0 , < 4.34.2
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "docker_desktop",
"vendor": "docker",
"versions": [
{
"lessThan": "4.34.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T19:11:35.025092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T19:14:03.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Docker Extensions"
],
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.34.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Extensions are enabled"
}
],
"value": "Docker Extensions are enabled"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cure53"
}
],
"datePublic": "2024-09-12T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2."
}
],
"value": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:52:55.491Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4342"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"value": "Update Docker Desktop to 4.34.2 or a later version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions\"\u003eTurn off\u0026nbsp;Docker Extensions\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Turn off\u00a0Docker Extensions https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Configure a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/private-marketplace/\"\u003eprivate marketplace\u003c/a\u003e with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"value": "Configure a private marketplace https://docs.docker.com/extensions/private-marketplace/ with a curated list of trusted extensions (for Docker Business customers only)"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2024-8695",
"datePublished": "2024-09-12T17:52:55.491Z",
"dateReserved": "2024-09-11T12:15:39.713Z",
"dateUpdated": "2024-09-12T19:14:03.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6222 (GCVE-0-2024-6222)
Vulnerability from cvelistv5
Published
2024-07-09 17:16
Modified
2024-08-01 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Summary
In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.
Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.
As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < v4.29.0
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "desktop",
"vendor": "docker",
"versions": [
{
"lessThan": "4.29.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T03:55:55.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "v4.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Extensions enabled"
}
],
"value": "Docker Extensions enabled"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\"Allow only extensions distributed through the Docker Marketplace\" disabled\u003cbr\u003e"
}
],
"value": "\"Allow only extensions distributed through the Docker Marketplace\" disabled"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Jheng Bing-Jhong"
},
{
"lang": "en",
"type": "finder",
"value": "\u0110\u1ed7 Minh Tu\u1ea5n"
},
{
"lang": "en",
"type": "finder",
"value": "Muhammad Alifa Ramdhan"
},
{
"lang": "en",
"type": "coordinator",
"value": "Trend Micro Zero Day Initiative"
}
],
"datePublic": "2024-06-21T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.\u003cbr\u003e\u003cbr\u003eDocker Desktop \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/desktop/release-notes/#4290\"\u003ev4.29.0\u003c/a\u003e fixes the issue on MacOS, Linux and Windows with Hyper-V backend.\u003cbr\u003e\u003cbr\u003eAs exploitation requires \"Allow only extensions distributed through the Docker Marketplace\" to be disabled, Docker Desktop\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/desktop/release-notes/#4310\"\u003ev4.31.0\u003c/a\u003e\u0026nbsp;additionally changes the default configuration to enable this setting by default.\u003cbr\u003e"
}
],
"value": "In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.\n\nDocker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend.\n\nAs exploitation requires \"Allow only extensions distributed through the Docker Marketplace\" to be disabled, Docker Desktop\u00a0 v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 \u00a0additionally changes the default configuration to enable this setting by default."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-480 Escaping Virtualization"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T17:16:05.646Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4290"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable Docker Extensions or enable \"Allow only extensions distributed through the Docker Marketplace\" from the Settings panel."
}
],
"value": "Disable Docker Extensions or enable \"Allow only extensions distributed through the Docker Marketplace\" from the Settings panel."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2024-6222",
"datePublished": "2024-07-09T17:16:05.646Z",
"dateReserved": "2024-06-20T18:47:44.854Z",
"dateUpdated": "2024-08-01T21:33:05.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5652 (GCVE-0-2024-5652)
Vulnerability from cvelistv5
Published
2024-07-09 17:07
Modified
2025-03-19 15:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < v4.31.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T18:59:59.468065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:47:03.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "v4.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop not installed with the --no-windows-containers installer flag\u003cbr\u003e"
}
],
"value": "Docker Desktop not installed with the --no-windows-containers installer flag"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hashim Jawad ( @ihack4falafel)"
},
{
"lang": "en",
"type": "finder",
"value": "Trend Micro Zero Day Initiative"
}
],
"datePublic": "2024-06-06T15:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Docker Desktop on Windows before v4.31.0\u0026nbsp;allows a user in the \u003ccode\u003edocker-users\u003c/code\u003e\u0026nbsp;group to cause a Windows Denial-of-Service through the \u003ccode\u003eexec-path\u003c/code\u003e\u0026nbsp;Docker daemon config option in Windows containers mode.\u003cbr\u003e"
}
],
"value": "In Docker Desktop on Windows before v4.31.0\u00a0allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T17:07:08.691Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4310"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2024-5652",
"datePublished": "2024-07-09T17:07:08.691Z",
"dateReserved": "2024-06-05T10:54:16.890Z",
"dateUpdated": "2025-03-19T15:47:03.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0633 (GCVE-0-2023-0633)
Vulnerability from cvelistv5
Published
2023-09-25 15:32
Modified
2024-09-24 14:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < 4.12.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:59:08.624405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:59:18.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cure53"
}
],
"datePublic": "2022-09-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).\u003cp\u003eThis issue affects Docker Desktop: before 4.12.0.\u003c/p\u003e"
}
],
"value": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T15:32:20.271Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.12.0"
}
],
"value": "Update to 4.12.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-0633",
"datePublished": "2023-09-25T15:32:20.271Z",
"dateReserved": "2023-02-01T23:30:55.499Z",
"dateUpdated": "2024-09-24T14:59:18.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0627 (GCVE-0-2023-0627)
Vulnerability from cvelistv5
Published
2023-09-25 15:31
Modified
2024-09-24 15:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-501 - Trust Boundary Violation
Summary
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
4.11.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T15:37:26.565896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:37:48.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"status": "affected",
"version": "4.11.x"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop installed with the\u0026nbsp;\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e--no-widnows-containers\u003c/span\u003e flag"
}
],
"value": "Docker Desktop installed with the\u00a0--no-widnows-containers flag"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Cure53"
}
],
"datePublic": "2022-09-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop 4.11.x allows \u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e--no-windows-containers\u003c/span\u003e flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).\u003cp\u003eThis issue affects Docker Desktop: 4.11.X.\u003c/p\u003e"
}
],
"value": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501: Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T15:31:58.782Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.12.0"
}
],
"value": "Update to 4.12.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-0627",
"datePublished": "2023-09-25T15:31:58.782Z",
"dateReserved": "2023-02-01T22:31:05.774Z",
"dateUpdated": "2024-09-24T15:37:48.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0626 (GCVE-0-2023-0626)
Vulnerability from cvelistv5
Published
2023-09-25 15:31
Modified
2024-09-24 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.
This issue affects Docker Desktop: before 4.12.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < 4.12.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T15:38:25.790536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:38:38.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Masato Kinugawa"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mohan Pedhapati"
}
],
"datePublic": "2022-09-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDocker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.\u003cbr\u003e\u003cbr\u003eThis issue affects Docker Desktop: before 4.12.0.\u003c/p\u003e"
}
],
"value": "Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.\n\nThis issue affects Docker Desktop: before 4.12.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T15:31:38.283Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.12.0"
}
],
"value": "Update to 4.12.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable extensions"
}
],
"value": "Disable extensions"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-0626",
"datePublished": "2023-09-25T15:31:38.283Z",
"dateReserved": "2023-02-01T22:31:04.271Z",
"dateUpdated": "2024-09-24T15:38:38.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0625 (GCVE-0-2023-0625)
Vulnerability from cvelistv5
Published
2023-09-25 15:31
Modified
2024-09-24 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.
This issue affects Docker Desktop: before 4.12.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < 4.12.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T15:39:03.026730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:39:13.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Masato Kinugawa"
}
],
"datePublic": "2022-09-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDocker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.\u003cbr\u003e\u003cbr\u003eThis issue affects Docker Desktop: before 4.12.0.\u003c/p\u003e"
}
],
"value": "Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.\n\nThis issue affects Docker Desktop: before 4.12.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T15:31:09.114Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.12.0"
}
],
"value": "Update to 4.12.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable extensions"
}
],
"value": "Disable extensions"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-0625",
"datePublished": "2023-09-25T15:31:09.114Z",
"dateReserved": "2023-02-01T22:31:03.132Z",
"dateUpdated": "2024-09-24T15:39:13.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5166 (GCVE-0-2023-5166)
Vulnerability from cvelistv5
Published
2023-09-25 15:30
Modified
2024-09-24 15:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.
This issue affects Docker Desktop: before 4.23.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < 4.23.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4230"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T15:53:56.675460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:54:17.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.23.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "M. Haunschmid"
}
],
"datePublic": "2023-09-11T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDocker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.\u003cbr\u003e\u003cbr\u003eThis issue affects Docker Desktop: before 4.23.0.\u003c/p\u003e"
}
],
"value": "Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.\n\nThis issue affects Docker Desktop: before 4.23.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T15:30:10.164Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4230"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Docker Desktop to 4.23.0"
}
],
"value": "Update Docker Desktop to 4.23.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable extensions"
}
],
"value": "Disable extensions"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-5166",
"datePublished": "2023-09-25T15:30:10.164Z",
"dateReserved": "2023-09-25T14:05:47.327Z",
"dateUpdated": "2024-09-24T15:54:17.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5165 (GCVE-0-2023-5165)
Vulnerability from cvelistv5
Published
2023-09-25 15:29
Modified
2024-09-24 15:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.
This issue has been fixed in Docker Desktop 4.23.0.
Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
4.13.0 , < 4.23.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4230"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T15:55:31.117566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:55:38.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.23.0",
"status": "affected",
"version": "4.13.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enhanced Container Isolation enabled (only available for Docker Business users)"
}
],
"value": "Enhanced Container Isolation enabled (only available for Docker Business users)"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "L. Kofler"
}
],
"datePublic": "2023-09-11T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDocker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \u003cbr\u003e\u003cbr\u003eThis issue has been fixed in Docker Desktop 4.23.0. \u003cbr\u003e\u003cbr\u003eAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424: Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T15:29:12.869Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4230"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 4.23.0"
}
],
"value": "Update to version 4.23.0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-5165",
"datePublished": "2023-09-25T15:29:12.869Z",
"dateReserved": "2023-09-25T14:05:45.905Z",
"dateUpdated": "2024-09-24T15:55:38.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40453 (GCVE-0-2023-40453)
Vulnerability from cvelistv5
Published
2023-08-14 00:00
Modified
2024-10-09 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1916285"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/docker/machine/releases"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40453",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T14:47:07.659763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T14:49:07.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html"
},
{
"url": "https://hackerone.com/reports/1916285"
},
{
"url": "https://github.com/docker/machine/releases"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40453",
"datePublished": "2023-08-14T00:00:00",
"dateReserved": "2023-08-14T00:00:00",
"dateUpdated": "2024-10-09T14:49:07.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34292 (GCVE-0-2022-34292)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:13:56.119158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:14:04.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34292",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2022-06-22T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:14:04.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31647 (GCVE-0-2022-31647)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:14:58.089653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:15:25.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31647",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:15:25.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38730 (GCVE-0-2022-38730)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 19:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:09:40.412012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:10:39.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\\dataRoot\\network\\files\\local-kv.db because of a TOCTOU race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38730",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2022-08-24T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:10:39.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37326 (GCVE-0-2022-37326)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T19:11:38.795879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:12:59.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#docker-desktop-460"
},
{
"url": "https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37326",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2025-01-31T19:12:59.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1802 (GCVE-0-2023-1802)
Vulnerability from cvelistv5
Published
2023-04-06 08:52
Modified
2025-02-10 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker | Docker Desktop |
Affected:
4.17.0 , < 4.18.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4180"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/docker/for-win/issues/13344"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T20:22:34.966354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:22:38.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Artifactory Integration"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.18.0",
"status": "affected",
"version": "4.17.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u0026nbsp;"
}
],
"value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u00a0"
}
],
"datePublic": "2023-04-05T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-158",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-158 Sniffing Network Traffic"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T08:52:19.506Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4180"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/docker/for-win/issues/13344"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": " Update Docker Desktop to version 4.18.0\u003cbr\u003e"
}
],
"value": " Update Docker Desktop to version 4.18.0\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable the Access Experimental Features option from the setting panel\u0026nbsp;"
}
],
"value": "Disable the Access Experimental Features option from the setting panel\u00a0"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-1802",
"datePublished": "2023-04-06T08:52:19.506Z",
"dateReserved": "2023-04-03T10:20:15.739Z",
"dateUpdated": "2025-02-10T20:22:38.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0629 (GCVE-0-2023-0629)
Vulnerability from cvelistv5
Published
2023-03-13 11:16
Modified
2025-02-27 20:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).
The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.
This issue has been fixed in Docker Desktop 4.17.0.
Affected Docker Desktop versions: from 4.13.0 before 4.17.0.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
4.13.0 , < 4.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4170"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T20:07:27.576557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:12:56.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Settings Management",
"Enhanced Container Isolation"
],
"platforms": [
"MacOS",
"Windows (Hyper-V)",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.17.0",
"status": "affected",
"version": "4.13.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-03-13T11:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to \u003ctt\u003edocker.raw.sock\u003c/tt\u003e, or \u003ctt\u003enpipe:////.pipe/docker_engine_linux\u003c/tt\u003e on Windows, via the \u003ctt\u003e-H\u003c/tt\u003e (\u003ctt\u003e--host\u003c/tt\u003e) CLI flag or the \u003ctt\u003eDOCKER_HOST\u003c/tt\u003e environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket).\u003cbr\u003e\u003cbr\u003eThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\u003cbr\u003e\u003cp\u003eThis issue has been fixed in Docker Desktop 4.17.0. \u003cbr\u003e\u003cbr\u003eAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\u003c/p\u003e"
}
],
"value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket).\n\nThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\nThis issue has been fixed in Docker Desktop 4.17.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424: Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501: Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-13T11:16:41.171Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4170"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-0629",
"datePublished": "2023-03-13T11:16:41.171Z",
"dateReserved": "2023-02-01T22:40:41.487Z",
"dateUpdated": "2025-02-27T20:12:56.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0628 (GCVE-0-2023-0628)
Vulnerability from cvelistv5
Published
2023-03-13 11:16
Modified
2025-02-27 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Docker Inc. | Docker Desktop |
Affected:
0 , < 4.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#4170"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T19:57:54.500891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:58:18.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Dev Environments"
],
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "@suanve"
}
],
"datePublic": "2023-03-13T11:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious \u003ctt\u003edocker-desktop://\u003c/tt\u003e URL."
}
],
"value": "Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-13T12:52:38.039Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4170"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2023-0628",
"datePublished": "2023-03-13T11:16:30.426Z",
"dateReserved": "2023-02-01T22:39:05.609Z",
"dateUpdated": "2025-02-27T19:58:18.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44719 (GCVE-0-2021-44719)
Vulnerability from cvelistv5
Published
2022-05-25 15:31
Modified
2024-08-04 04:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Docker Desktop 4.3.0 has Incorrect Access Control.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:12.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/mac/release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/windows/release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.docker.com/desktop/release-notes/#security-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop 4.3.0 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-25T15:31:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.docker.com/desktop/mac/release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.docker.com/desktop/windows/release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.docker.com/desktop/release-notes/#security-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Docker Desktop 4.3.0 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.docker.com/desktop/mac/release-notes/",
"refsource": "MISC",
"url": "https://docs.docker.com/desktop/mac/release-notes/"
},
{
"name": "https://docs.docker.com/desktop/windows/release-notes/",
"refsource": "MISC",
"url": "https://docs.docker.com/desktop/windows/release-notes/"
},
{
"name": "https://docs.docker.com/desktop/release-notes/#security-2",
"refsource": "MISC",
"url": "https://docs.docker.com/desktop/release-notes/#security-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44719",
"datePublished": "2022-05-25T15:31:52",
"dateReserved": "2021-12-07T00:00:00",
"dateUpdated": "2024-08-04T04:32:12.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}