CVE-2023-1802 (GCVE-0-2023-1802)

Vulnerability from cvelistv5 – Published: 2023-04-06 08:52 – Updated: 2025-02-10 20:22
VLAI?
Title
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed
Summary
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Docker Docker Desktop Affected: 4.17.0 , < 4.18.0 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/desktop/release-notes/#4180"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/docker/for-win/issues/13344"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1802",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T20:22:34.966354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T20:22:38.457Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Artifactory Integration"
          ],
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "Docker Desktop",
          "vendor": "Docker",
          "versions": [
            {
              "lessThan": "4.18.0",
              "status": "affected",
              "version": "4.17.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u0026nbsp;"
            }
          ],
          "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u00a0"
        }
      ],
      "datePublic": "2023-04-05T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-158",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-158 Sniffing Network Traffic"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-06T08:52:19.506Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.docker.com/desktop/release-notes/#4180"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/docker/for-win/issues/13344"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": " Update Docker Desktop to version 4.18.0\u003cbr\u003e"
            }
          ],
          "value": " Update Docker Desktop to version 4.18.0\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Disable the Access Experimental Features option from the setting panel\u0026nbsp;"
            }
          ],
          "value": "Disable the Access Experimental Features option from the setting panel\u00a0"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2023-1802",
    "datePublished": "2023-04-06T08:52:19.506Z",
    "dateReserved": "2023-04-03T10:20:15.739Z",
    "dateUpdated": "2025-02-10T20:22:38.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:docker:desktop:4.17.0:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"D7217294-76FA-466D-A46E-85076F041746\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:docker:desktop:4.17.1:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"DBBD80F7-7DA0-4B5C-A384-C817C777F585\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \\n\"}]",
      "id": "CVE-2023-1802",
      "lastModified": "2024-11-21T07:39:56.090",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@docker.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-04-06T09:15:07.030",
      "references": "[{\"url\": \"https://docs.docker.com/desktop/release-notes/#4180\", \"source\": \"security@docker.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/docker/for-win/issues/13344\", \"source\": \"security@docker.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://docs.docker.com/desktop/release-notes/#4180\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/docker/for-win/issues/13344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "security@docker.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@docker.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-1802\",\"sourceIdentifier\":\"security@docker.com\",\"published\":\"2023-04-06T09:15:07.030\",\"lastModified\":\"2024-11-21T07:39:56.090\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@docker.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@docker.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:desktop:4.17.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"D7217294-76FA-466D-A46E-85076F041746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:docker:desktop:4.17.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"DBBD80F7-7DA0-4B5C-A384-C817C777F585\"}]}]}],\"references\":[{\"url\":\"https://docs.docker.com/desktop/release-notes/#4180\",\"source\":\"security@docker.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/docker/for-win/issues/13344\",\"source\":\"security@docker.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://docs.docker.com/desktop/release-notes/#4180\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/docker/for-win/issues/13344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://docs.docker.com/desktop/release-notes/#4180\", \"tags\": [\"release-notes\", \"x_transferred\"]}, {\"url\": \"https://github.com/docker/for-win/issues/13344\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:05:26.143Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1802\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T20:22:34.966354Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T20:22:21.284Z\"}}], \"cna\": {\"title\": \"In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-158\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-158 Sniffing Network Traffic\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Docker\", \"modules\": [\"Artifactory Integration\"], \"product\": \"Docker Desktop\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.17.0\", \"lessThan\": \"4.18.0\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\", \"MacOS\", \"Linux\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \" Update Docker Desktop to version 4.18.0\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \" Update Docker Desktop to version 4.18.0\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-04-05T17:00:00.000Z\", \"references\": [{\"url\": \"https://docs.docker.com/desktop/release-notes/#4180\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://github.com/docker/for-win/issues/13344\", \"tags\": [\"issue-tracking\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Disable the Access Experimental Features option from the setting panel\\u00a0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Disable the Access Experimental Features option from the setting panel\u0026nbsp;\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319 Cleartext Transmission of Sensitive Information\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\\u00a0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u0026nbsp;\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"686469e6-3ff6-451b-ab8b-cf5b9e89401e\", \"shortName\": \"Docker\", \"dateUpdated\": \"2023-04-06T08:52:19.506Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-1802\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-10T20:22:38.457Z\", \"dateReserved\": \"2023-04-03T10:20:15.739Z\", \"assignerOrgId\": \"686469e6-3ff6-451b-ab8b-cf5b9e89401e\", \"datePublished\": \"2023-04-06T08:52:19.506Z\", \"assignerShortName\": \"Docker\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.