github - ghsa-623v-x3rr-q8qh

ghsa-623v-x3rr-q8qh

Vulnerability from github

Published

2023-03-13 12:30

Modified

2023-03-16 15:30

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0629"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-13T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.",
  "id": "GHSA-623v-x3rr-q8qh",
  "modified": "2023-03-16T15:30:19Z",
  "published": "2023-03-13T12:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0629"
    },
    {
      "type": "WEB",
      "url": "https://docs.docker.com/desktop/release-notes/#4170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-0629

Vulnerability from cvelistv5

Published

2023-03-13 11:16

Modified

2024-08-02 05:17

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers

References

▼	URL	Tags
	https://docs.docker.com/desktop/release-notes/#4170	release-notes

Impacted products

Vendor

Product

Version

▼

Docker Inc.

Docker Desktop

Version: 4.13.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://docs.docker.com/desktop/release-notes/#4170"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Settings Management",
            "Enhanced Container Isolation"
          ],
          "platforms": [
            "MacOS",
            "Windows (Hyper-V)",
            "Linux"
          ],
          "product": "Docker Desktop",
          "vendor": "Docker Inc.",
          "versions": [
            {
              "lessThan": "4.17.0",
              "status": "affected",
              "version": "4.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2023-03-13T11:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to \u003ctt\u003edocker.raw.sock\u003c/tt\u003e, or \u003ctt\u003enpipe:////.pipe/docker_engine_linux\u003c/tt\u003e on Windows, via the \u003ctt\u003e-H\u003c/tt\u003e (\u003ctt\u003e--host\u003c/tt\u003e) CLI flag or the \u003ctt\u003eDOCKER_HOST\u003c/tt\u003e environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket).\u003cbr\u003e\u003cbr\u003eThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\u003cbr\u003e\u003cp\u003eThis issue has been fixed in Docker Desktop 4.17.0. \u003cbr\u003e\u003cbr\u003eAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\u003c/p\u003e"
            }
          ],
          "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker\u0027s raw socket).\n\nThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\nThis issue has been fixed in Docker Desktop 4.17.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-424",
              "description": "CWE-424: Improper Protection of Alternate Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501: Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-13T11:16:41.171Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.docker.com/desktop/release-notes/#4170"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2023-0629",
    "datePublished": "2023-03-13T11:16:41.171Z",
    "dateReserved": "2023-02-01T22:40:41.487Z",
    "dateUpdated": "2024-08-02T05:17:50.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted