Search

Find a vulnerability

Search criteria

    34 vulnerabilities

    CVE-2026-12539 (GCVE-0-2026-12539)

    Vulnerability from cvelistv5 – Published: 2026-06-18 13:51 – Updated: 2026-06-30 16:33
    VLAI
    Title
    Docker Sandboxes ICMP egress restriction bypass after daemon restart
    Summary
    Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Sandboxes Affected: 0.14.0 , < 0.33.0 (semver)
        cpe:2.3:a:docker:sandboxes:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T14:54:40.780021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T14:56:02.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:docker:sandboxes:*:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS",
                "Linux",
                "Windows"
              ],
              "product": "Docker Sandboxes",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "0.33.0",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist."
                }
              ],
              "value": "Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat model treats as untrusted, can therefore defeat the documented ICMP egress block to perform network reconnaissance and exfiltrate data over an ICMP covert channel, regardless of the configured allowlist."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665: Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T16:33:30.940Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://docs.docker.com/ai/sandboxes/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/docker/sbx-releases/releases/tag/v0.33.0"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Docker Sandboxes ICMP egress restriction bypass after daemon restart"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-12539",
        "datePublished": "2026-06-18T13:51:13.588Z",
        "dateReserved": "2026-06-17T15:31:11.749Z",
        "dateUpdated": "2026-06-30T16:33:30.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12039 (GCVE-0-2026-12039)

    Vulnerability from cvelistv5 – Published: 2026-06-18 13:48 – Updated: 2026-06-30 16:37
    VLAI
    Title
    Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution
    Summary
    Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Sandboxes Affected: 0.13.0 , < 0.33.0 (semver)
        cpe:2.3:a:docker:sandboxes:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Sophie Lemos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12039",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:00:00.773890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:00:24.095Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:docker:sandboxes:*:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS",
                "Linux",
                "Windows"
              ],
              "product": "Docker Sandboxes",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "0.33.0",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sophie Lemos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist."
                }
              ],
              "value": "Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which the threat model treats as untrusted, can therefore encode data into DNS labels for an attacker-controlled domain and exfiltrate it through a DNS covert channel, bypassing the configured allowlist."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T16:37:53.157Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://docs.docker.com/ai/sandboxes/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/docker/sbx-releases/releases/tag/v0.33.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-12039",
        "datePublished": "2026-06-18T13:48:14.682Z",
        "dateReserved": "2026-06-11T19:23:44.967Z",
        "dateUpdated": "2026-06-30T16:37:53.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8936 (GCVE-0-2026-8936)

    Vulnerability from cvelistv5 – Published: 2026-06-02 21:09 – Updated: 2026-06-03 14:08
    VLAI
    Title
    Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM
    Summary
    Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.33.0 , < 4.76.0 (semver)
    Create a notification for this product.
    Credits
    Nitesh Surana of TrendAI Research of Trend Micro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:53:15.746166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T14:08:05.541Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.76.0",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nitesh Surana of TrendAI Research of Trend Micro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.\u003cbr\u003e"
                }
              ],
              "value": "Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T21:09:03.375Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/#4760"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-8936",
        "datePublished": "2026-06-02T21:09:03.375Z",
        "dateReserved": "2026-05-19T11:32:59.932Z",
        "dateUpdated": "2026-06-03T14:08:05.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5843 (GCVE-0-2026-5843)

    Vulnerability from cvelistv5 – Published: 2026-05-22 19:28 – Updated: 2026-05-27 03:55
    VLAI
    Title
    Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading
    Summary
    The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file pointing to a Python file, MLX-LM uses importlib to load and execute it with no trust_remote_code gate or equivalent safety check. The MLX backend runs without sandboxing, resulting in arbitrary code execution on the Docker host as the Docker Desktop user. Any container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model from an attacker-controlled OCI registry and request inference.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.56.0 , < 4.71.0 (semver)
    Create a notification for this product.
    Credits
    David Rochester (@davidrxchester) Nicholas Gould (@gouldnicholas)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:38.188Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.71.0",
                  "status": "affected",
                  "version": "4.56.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Model Runner enabled with the MLX inference backend on macOS"
                }
              ],
              "value": "Docker Model Runner enabled with the MLX inference backend on macOS"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Rochester (@davidrxchester)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicholas Gould (@gouldnicholas)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the \u003ccode\u003emodel_file\u003c/code\u003e configuration field in \u003ccode\u003econfig.json\u003c/code\u003e. When a model\u0027s \u003ccode\u003econfig.json\u003c/code\u003e specifies a \u003ccode\u003emodel_file\u003c/code\u003e pointing to a Python file, MLX-LM uses \u003ccode\u003eimportlib\u003c/code\u003e to load and execute it with no \u003ccode\u003etrust_remote_code\u003c/code\u003e gate or equivalent safety check. The MLX backend runs without sandboxing, resulting in arbitrary code execution on the Docker host as the Docker Desktop user.\u003cbr\u003e\u003cbr\u003eAny container on the Docker network can trigger this by calling the \u003ccode\u003emodel-runner.docker.internal\u003c/code\u003e API to pull a malicious model from an attacker-controlled OCI registry and request inference."
                }
              ],
              "value": "The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model\u0027s config.json specifies a model_file pointing to a Python file, MLX-LM uses importlib to load and execute it with no trust_remote_code gate or equivalent safety check. The MLX backend runs without sandboxing, resulting in arbitrary code execution on the Docker host as the Docker Desktop user.\n\nAny container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model from an attacker-controlled OCI registry and request inference."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-480",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-480 Escaping Virtualization"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T19:28:38.857Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4710"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Model Runner container-to-host code execution via MLX-LM model_file importlib loading",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable Docker Model Runner or only run trusted containers on Docker Desktop instances where Model Runner is enabled."
                }
              ],
              "value": "Disable Docker Model Runner or only run trusted containers on Docker Desktop instances where Model Runner is enabled."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-5843",
        "datePublished": "2026-05-22T19:28:38.857Z",
        "dateReserved": "2026-04-08T17:43:50.508Z",
        "dateUpdated": "2026-05-27T03:55:38.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5817 (GCVE-0-2026-5817)

    Vulnerability from cvelistv5 – Published: 2026-05-22 19:24 – Updated: 2026-05-27 03:55
    VLAI
    Title
    Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends
    Summary
    The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included in any model pulled from an OCI registry, resulting in arbitrary code execution on the Docker host as the Docker Desktop user when inference is triggered. Any container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model and request inference.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.62.0 , < 4.68.0 (semver)
    Create a notification for this product.
    Credits
    David Rochester (@davidrxchester) Nicholas Gould (@gouldnicholas)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:37.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.68.0",
                  "status": "affected",
                  "version": "4.62.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Model Runner enabled with the vllm-metal inference backend on macOS"
                }
              ],
              "value": "Docker Model Runner enabled with the vllm-metal inference backend on macOS"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "David Rochester (@davidrxchester)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicholas Gould (@gouldnicholas)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets \u003ccode\u003etrust_remote_code=True\u003c/code\u003e when loading model tokenizers, and runs without sandboxing. This causes \u003ccode\u003etransformers.AutoTokenizer.from_pretrained()\u003c/code\u003e to import and execute arbitrary Python files included in any model pulled from an OCI registry, resulting in arbitrary code execution on the Docker host as the Docker Desktop user when inference is triggered.\u003cbr\u003e\u003cbr\u003eAny container on the Docker network can trigger this by calling the \u003ccode\u003emodel-runner.docker.internal\u003c/code\u003e API to pull a malicious model and request inference."
                }
              ],
              "value": "The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included in any model pulled from an OCI registry, resulting in arbitrary code execution on the Docker host as the Docker Desktop user when inference is triggered.\n\nAny container on the Docker network can trigger this by calling the model-runner.docker.internal API to pull a malicious model and request inference."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-480",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-480 Escaping Virtualization"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T19:24:15.662Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4680"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Model Runner container-to-host code execution via unsandboxed trust_remote_code in Python inference backends",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable Docker Model Runner or only run trusted containers on Docker Desktop instances where Model Runner is enabled."
                }
              ],
              "value": "Disable Docker Model Runner or only run trusted containers on Docker Desktop instances where Model Runner is enabled."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-5817",
        "datePublished": "2026-05-22T19:24:15.662Z",
        "dateReserved": "2026-04-08T15:34:05.200Z",
        "dateUpdated": "2026-05-27T03:55:37.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6406 (GCVE-0-2026-6406)

    Vulnerability from cvelistv5 – Published: 2026-05-22 18:32 – Updated: 2026-05-23 03:56
    VLAI
    Title
    Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
    Summary
    The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials. A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.41.0 , < 4.59.0 (semver)
    Create a notification for this product.
    Date Public
    2026-04-23 00:00
    Credits
    Nitesh Surana (niteshsurana.com) of Trend Research
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-23T03:56:00.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS",
                "Linux",
                "Windows"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.59.0",
                  "status": "affected",
                  "version": "4.41.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"
                }
              ],
              "value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nitesh Surana (niteshsurana.com) of Trend Research"
            }
          ],
          "datePublic": "2026-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Docker CLI \u003ccode\u003e--use-api-socket\u003c/code\u003e flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the \u003ccode\u003e--use-api-socket\u003c/code\u003e flag adds the Docker socket mount via the \u003ccode\u003eHostConfig.Mounts\u003c/code\u003e field rather than the \u003ccode\u003eHostConfig.Binds\u003c/code\u003e field. The ECI enforcement in the Docker Desktop API proxy only inspected \u003ccode\u003eBinds\u003c/code\u003e, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\u003cbr\u003e\u003cbr\u003eA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."
                }
              ],
              "value": "The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\n\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T18:32:15.959Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4590"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."
                }
              ],
              "value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-6406",
        "datePublished": "2026-05-22T18:32:15.959Z",
        "dateReserved": "2026-04-15T21:42:36.201Z",
        "dateUpdated": "2026-05-23T03:56:00.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15558 (GCVE-0-2025-15558)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:14 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
    Summary
    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker CLI Unaffected: 29.2.0 (semver)
    Create a notification for this product.
    Docker Compose Unaffected: 5.1.0 (semver)
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Kernel Module Management Operator for Red Hat Openshift     cpe:/a:redhat:kernel_module_management:2
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Credits
    Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-05T04:55:47.099Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kernel_module_management:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Kernel Module Management Operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-04T16:14:32.045Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Docker CLI for Windows. A low-privileged attacker can exploit this vulnerability by creating a specific directory, C:\\ProgramData\\Docker\\cli-plugins, which does not exist by default. By placing malicious plugin binaries in this directory, an attacker can achieve privilege escalation when a victim user opens Docker Desktop or uses Docker CLI plugin features, provided the Docker CLI is executed with elevated privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:21.534Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-15558"
              },
              {
                "name": "RHBZ#2444574",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444574"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15558.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-04T17:01:09.062Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-04T16:14:32.045Z",
                "value": "Made public."
              }
            ],
            "title": "docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker CLI",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "29.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Compose",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDocker CLI for Windows searches for plugin binaries in \u003ccode\u003eC:\\ProgramData\\Docker\\cli-plugins\u003c/code\u003e, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the \u003ccode\u003edocker\u003c/code\u003e\u0026nbsp;CLI is executed as a privileged user.\u003c/p\u003e\u003cp\u003eThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager\"\u003e\u003ccode\u003egithub.com/docker/cli/cli-plugins/manager\u003c/code\u003e\u003c/a\u003e\u0026nbsp;package, such as Docker Compose.\u003c/p\u003e\u003cp\u003eThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker\u00a0CLI is executed as a privileged user.\n\nThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the  github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager \u00a0package, such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-38",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                }
              ]
            },
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            },
            {
              "capecId": "CAPEC-640",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-640 Inclusion of Code in Existing Process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T16:14:32.045Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/docker/cli/pull/6713"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-15558",
        "datePublished": "2026-03-04T16:14:32.045Z",
        "dateReserved": "2026-02-03T19:51:18.184Z",
        "dateUpdated": "2026-06-30T12:07:21.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2664 (GCVE-0-2026-2664)

    Vulnerability from cvelistv5 – Published: 2026-02-24 10:09 – Updated: 2026-02-26 08:34
    VLAI
    Title
    Out of bounds read vulnerability in grpcfuse kernel module
    Summary
    An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop 4.62.0 .
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.62.0 (semver)
    Create a notification for this product.
    Credits
    Pumpkin (@u1f383) from DEVCORE Research Team working with TrendAI Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2664",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T15:57:56.132963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T15:58:34.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.62.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Pumpkin (@u1f383) from DEVCORE Research Team working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in\u0026nbsp;Docker Desktop 4.62.0 .\u003cbr\u003e"
                }
              ],
              "value": "An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in\u00a0Docker Desktop 4.62.0 ."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-26T08:34:00.870Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/#4620"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out of bounds read vulnerability in grpcfuse kernel module",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2026-2664",
        "datePublished": "2026-02-24T10:09:18.664Z",
        "dateReserved": "2026-02-18T08:31:13.158Z",
        "dateUpdated": "2026-02-26T08:34:00.870Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14740 (GCVE-0-2025-14740)

    Vulnerability from cvelistv5 – Published: 2026-02-04 13:57 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities
    Summary
    Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1 (Persistent Attack): If a low-privileged attacker pre-creates C:\ProgramData\DockerDesktop before Docker Desktop installation, the attacker retains ownership of the directory even after the installer applies restrictive ACLs. At any time after installation completes, the attacker can modify the directory ACL (as the owner) and tamper with critical configuration files such as install-settings.json to specify a malicious credentialHelper, causing arbitrary code execution when any user runs Docker Desktop. Scenario 2 (TOCTOU Attack): During installation, there is a time-of-check-time-of-use (TOCTOU) race condition between when the installer creates C:\ProgramData\DockerDesktop and when it sets secure ACLs. A low-privileged attacker actively monitoring for the installation can inject malicious files (such as install-settings.json) with attacker-controlled ACLs during this window, achieving the same code execution outcome.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , ≤ 4.56.0 (semver)
    Create a notification for this product.
    Credits
    Nitesh Surana (niteshsurana.com) - Trend Micro Zero Day Initiative Amol Dosanjh - Trend Micro Research
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T04:55:14.729983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:21.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "4.56.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nitesh Surana (niteshsurana.com) - Trend Micro Zero Day Initiative"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Amol Dosanjh - Trend Micro Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer\u0027s handling of the \u003ccode\u003eC:\\ProgramData\\DockerDesktop\u003c/code\u003e directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios:\u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eScenario 1 (Persistent Attack)\u003c/strong\u003e:\nIf a low-privileged attacker pre-creates \u003ccode\u003eC:\\ProgramData\\DockerDesktop\u003c/code\u003e before Docker Desktop installation, the attacker retains ownership of the directory even after the installer applies restrictive ACLs. At any time after installation completes, the attacker can modify the directory ACL (as the owner) and tamper with critical configuration files such as \u003ccode\u003einstall-settings.json\u003c/code\u003e to specify a malicious \u003ccode\u003ecredentialHelper\u003c/code\u003e, causing arbitrary code execution when any user runs Docker Desktop.\u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eScenario 2 (TOCTOU Attack)\u003c/strong\u003e:\nDuring installation, there is a time-of-check-time-of-use (TOCTOU) race condition between when the installer creates \u003ccode\u003eC:\\ProgramData\\DockerDesktop\u003c/code\u003e and when it sets secure ACLs. A low-privileged attacker actively monitoring for the installation can inject malicious files (such as \u003ccode\u003einstall-settings.json\u003c/code\u003e) with attacker-controlled ACLs during this window, achieving the same code execution outcome.\u003cbr\u003e"
                }
              ],
              "value": "Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer\u0027s handling of the C:\\ProgramData\\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios:\n\nScenario 1 (Persistent Attack):\nIf a low-privileged attacker pre-creates C:\\ProgramData\\DockerDesktop before Docker Desktop installation, the attacker retains ownership of the directory even after the installer applies restrictive ACLs. At any time after installation completes, the attacker can modify the directory ACL (as the owner) and tamper with critical configuration files such as install-settings.json to specify a malicious credentialHelper, causing arbitrary code execution when any user runs Docker Desktop.\n\nScenario 2 (TOCTOU Attack):\nDuring installation, there is a time-of-check-time-of-use (TOCTOU) race condition between when the installer creates C:\\ProgramData\\DockerDesktop and when it sets secure ACLs. A low-privileged attacker actively monitoring for the installation can inject malicious files (such as install-settings.json) with attacker-controlled ACLs during this window, achieving the same code execution outcome."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T13:57:23.002Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://docs.docker.com/security/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28542/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28190/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker has implemented the following mitigations:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAtomic creation of \u003ccode\u003eC:\\ProgramData\\DockerDesktop\u003c/code\u003e with admin ownership and correct ACLs\u003c/li\u003e\u003cli\u003eVerification that directory is owned by known admin SIDs (SYSTEM or Administrators)\u003c/li\u003e\u003cli\u003eInstallation aborts if directory is not owned by trusted elevated SID\u003c/li\u003e\u003cli\u003eTOCTOU protection through atomic operations setting ownership and ACLs simultaneously\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eUpdate to Docker Desktop version 4.56 or later.\u003cbr\u003e"
                }
              ],
              "value": "Docker has implemented the following mitigations:\n- Atomic creation of C:\\ProgramData\\DockerDesktop with admin ownership and correct ACLs\n- Verification that directory is owned by known admin SIDs (SYSTEM or Administrators)\n- Installation aborts if directory is not owned by trusted elevated SID\n- TOCTOU protection through atomic operations setting ownership and ACLs simultaneously\n\nUpdate to Docker Desktop version 4.56 or later."
            }
          ],
          "source": {
            "advisory": "ZDI-CAN-28542, ZDI-CAN-28190",
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-14740",
        "datePublished": "2026-02-04T13:57:23.002Z",
        "dateReserved": "2025-12-15T18:58:24.043Z",
        "dateUpdated": "2026-02-26T15:04:21.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13743 (GCVE-0-2025-13743)

    Vulnerability from cvelistv5 – Published: 2025-12-09 20:39 – Updated: 2025-12-10 15:45
    VLAI
    Title
    Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
    Summary
    Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.51.0 , < 4.54.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13743",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T15:44:59.826584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-10T15:45:17.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.54.0",
                  "status": "affected",
                  "version": "4.51.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred."
                }
              ],
              "value": "Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-155",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T20:39:52.071Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#troubleshoot-menu"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-13743",
        "datePublished": "2025-12-09T20:39:52.071Z",
        "dateReserved": "2025-11-26T14:07:43.047Z",
        "dateUpdated": "2025-12-10T15:45:17.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9164 (GCVE-0-2025-9164)

    Vulnerability from cvelistv5 – Published: 2025-10-27 13:53 – Updated: 2026-02-26 16:57
    VLAI
    Title
    Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
    Summary
    Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , ≤ 4.48.0 (semver)
    Create a notification for this product.
    Credits
    Mahmoud NourEldin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T03:56:03.322080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:57:05.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThanOrEqual": "4.48.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:docker:docker_desktop:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "4.48.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mahmoud NourEldin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user\u0027s Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.\u003cp\u003eThis issue affects Docker Desktop: through 4.48.0.\u003c/p\u003e"
                }
              ],
              "value": "Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user\u0027s Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-38",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                }
              ]
            },
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            },
            {
              "capecId": "CAPEC-640",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-640 Inclusion of Code in Existing Process"
                }
              ]
            },
            {
              "capecId": "CAPEC-159",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-159 Redirect Access to Libraries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T13:55:28.201Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-9164",
        "datePublished": "2025-10-27T13:53:40.216Z",
        "dateReserved": "2025-08-19T13:19:17.483Z",
        "dateUpdated": "2026-02-26T16:57:05.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10657 (GCVE-0-2025-10657)

    Vulnerability from cvelistv5 – Published: 2025-09-26 21:05 – Updated: 2026-02-26 17:47
    VLAI
    Title
    Docker Desktop with ECI Fails to Enforce Socket Command Restrictions
    Summary
    In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions  to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands. The vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.46.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-30T03:55:09.163759Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:53.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.46.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In a hardened Docker environment, with Enhanced Container Isolation (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/\"\u003eECI\u003c/a\u003e) enabled, an administrator can utilize the command restrictions \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions\"\u003efeature\u003c/a\u003e\u0026nbsp;to restrict commands that a container with a Docker socket mount may issue on that socket.\u003cbr\u003eDue to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions  feature https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions \u00a0to restrict commands that a container with a Docker socket mount may issue on that socket.\nDue to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands.\n\nThe vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-26T21:05:19.043Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Docker Desktop with ECI Fails to Enforce Socket Command Restrictions",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-10657",
        "datePublished": "2025-09-26T21:05:19.043Z",
        "dateReserved": "2025-09-17T20:55:36.396Z",
        "dateUpdated": "2026-02-26T17:47:53.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9074 (GCVE-0-2025-9074)

    Vulnerability from cvelistv5 – Published: 2025-08-20 13:28 – Updated: 2026-02-26 17:48
    VLAI KEVIntel
    Title
    Docker Desktop allows unauthenticated access to Docker Engine API from containers
    Summary
    A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.25 , < 4.44.3 (semver)
    Create a notification for this product.
    Credits
    Felix Boulet zer0x64 (Philippe Dugre)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9074",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-26T03:55:22.374847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:24.266Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "technical-description"
                ],
                "url": "https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://blog.qwertysecurity.com/Articles/blog3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-09-25T16:43:01.881Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://blog.qwertysecurity.com/Articles/blog3.html"
              },
              {
                "url": "https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/"
              },
              {
                "url": "https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/cve-2025-9074-mitigate-docker-desktop-vulnerability"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/cve-2025-9074-detect-docker-desktop-vulnerability"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.44.3",
                  "status": "affected",
                  "version": "4.25",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felix Boulet"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zer0x64 (Philippe Dugre)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the \"Expose daemon on tcp://localhost:2375 without TLS\" option enabled.\u003cbr\u003eThis can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the \"Expose daemon on tcp://localhost:2375 without TLS\" option enabled.\nThis can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668 Exposure of Resource to Wrong Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-20T13:31:13.886Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/#4443"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Docker Desktop allows unauthenticated access to Docker Engine API from containers",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-9074",
        "datePublished": "2025-08-20T13:28:35.553Z",
        "dateReserved": "2025-08-15T15:08:07.774Z",
        "dateUpdated": "2026-02-26T17:48:24.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6587 (GCVE-0-2025-6587)

    Vulnerability from cvelistv5 – Published: 2025-07-03 10:03 – Updated: 2026-02-26 18:27
    VLAI
    Title
    Exposure of system environment variables in Docker Desktop diagnostic logs
    Summary
    System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.43.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-04T03:55:31.391658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:56.445Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.43.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u0026nbsp;\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.\u00a0\nA malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-03T10:13:53.570Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Exposure of system environment variables in Docker Desktop diagnostic logs",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-6587",
        "datePublished": "2025-07-03T10:03:27.155Z",
        "dateReserved": "2025-06-24T20:47:44.847Z",
        "dateUpdated": "2026-02-26T18:27:56.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3911 (GCVE-0-2025-3911)

    Vulnerability from cvelistv5 – Published: 2025-04-29 17:20 – Updated: 2025-04-29 17:58
    VLAI
    Title
    Exposure in Docker Desktop logs of environment variables configured for running containers
    Summary
    Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.41.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3911",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T17:58:42.810551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T17:58:50.628Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.41.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u0026nbsp;unintentional disclosure of sensitive information such as api keys, passwords, etc.\u003cbr\u003e\u003cbr\u003eA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.\u003cbr\u003e"
                }
              ],
              "value": "Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to\u00a0unintentional disclosure of sensitive information such as api keys, passwords, etc.\n\nA malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-29T17:20:34.740Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Exposure in Docker Desktop logs of environment variables configured for running containers",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-3911",
        "datePublished": "2025-04-29T17:20:34.740Z",
        "dateReserved": "2025-04-23T20:43:14.232Z",
        "dateUpdated": "2025-04-29T17:58:50.628Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4095 (GCVE-0-2025-4095)

    Vulnerability from cvelistv5 – Published: 2025-04-29 17:16 – Updated: 2025-04-29 18:00
    VLAI
    Title
    Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile
    Summary
    Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 4.36.0 , < 4.41.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4095",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T17:59:56.533245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T18:00:02.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.41.0",
                  "status": "affected",
                  "version": "4.36.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry."
                }
              ],
              "value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-29T17:16:16.894Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-4095",
        "datePublished": "2025-04-29T17:16:16.894Z",
        "dateReserved": "2025-04-29T14:22:36.344Z",
        "dateUpdated": "2025-04-29T18:00:02.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3224 (GCVE-0-2025-3224)

    Vulnerability from cvelistv5 – Published: 2025-04-28 19:21 – Updated: 2025-04-28 19:43
    VLAI
    Title
    Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion
    Summary
    A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.41.0 (semver)
    Create a notification for this product.
    Credits
    Dong-uk Kim, KAIST Hacking Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3224",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T19:42:52.263626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T19:43:24.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.41.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dong-uk Kim, KAIST Hacking Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0\u0026nbsp;could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path \u003ccode\u003eC:\\ProgramData\\Docker\\config\u003c/code\u003e with high privileges. However, this directory often does not exist by default, and \u003ccode\u003eC:\\ProgramData\\\u003c/code\u003e allows normal users to create new directories. By creating a malicious \u003ccode\u003eDocker\\config\u003c/code\u003e folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0\u00a0could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\\ProgramData\\Docker\\config with high privileges. However, this directory often does not exist by default, and C:\\ProgramData\\ allows normal users to create new directories. By creating a malicious Docker\\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-28T19:21:15.851Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-3224",
        "datePublished": "2025-04-28T19:21:15.851Z",
        "dateReserved": "2025-04-03T14:06:28.660Z",
        "dateUpdated": "2025-04-28T19:43:24.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0495 (GCVE-0-2025-0495)

    Vulnerability from cvelistv5 – Published: 2025-03-17 19:21 – Updated: 2025-03-18 16:25
    VLAI
    Title
    Secrets leakage to telemetry endpoint via cache backend configuration via buildx
    Summary
    Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    References
    Impacted products
    Vendor Product Version
    docker buildx Affected: 0 , ≤ 0.21.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0495",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T16:25:23.455442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T16:25:42.668Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "buildx",
              "product": "buildx",
              "repo": "https://github.com/docker/buildx",
              "vendor": "docker",
              "versions": [
                {
                  "lessThanOrEqual": "0.21.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBuildx is a Docker CLI plugin that extends build capabilities using BuildKit.\u003c/p\u003e\u003cp\u003eCache backends support credentials by setting secrets directly as attribute values in \u003ccode\u003ecache-to/cache-from\u003c/code\u003e\u0026nbsp;configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u0026nbsp;OpenTelemetry traces are also saved in BuildKit daemon\u0027s history records.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis vulnerability does not impact secrets passed to the Github cache backend\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evia environment variables or registry authentication\u003c/span\u003e.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "Buildx is a Docker CLI plugin that extends build capabilities using BuildKit.\n\nCache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from\u00a0configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command.\u00a0OpenTelemetry traces are also saved in BuildKit daemon\u0027s history records.\n\n\nThis vulnerability does not impact secrets passed to the Github cache backend\u00a0via environment variables or registry authentication."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-21",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-21 Exploitation of Trusted Identifiers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-17T19:21:11.295Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://github.com/docker/buildx"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Secrets leakage to telemetry endpoint via cache backend configuration via buildx",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-0495",
        "datePublished": "2025-03-17T19:21:11.295Z",
        "dateReserved": "2025-01-15T15:26:40.672Z",
        "dateUpdated": "2025-03-18T16:25:42.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1696 (GCVE-0-2025-1696)

    Vulnerability from cvelistv5 – Published: 2025-03-06 11:58 – Updated: 2025-03-06 16:15
    VLAI
    Title
    Exposure of Proxy Credentials in Docker Desktop Logs
    Summary
    A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.39.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T16:15:38.635400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-06T16:15:52.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.39.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop proxy is configured with Basic HTTP authentication scheme"
                }
              ],
              "value": "Docker Desktop proxy is configured with Basic HTTP authentication scheme"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
                }
              ],
              "value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-06T11:58:43.389Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies"
            },
            {
              "url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Exposure of Proxy Credentials in Docker Desktop Logs",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-1696",
        "datePublished": "2025-03-06T11:58:43.389Z",
        "dateReserved": "2025-02-25T16:19:49.992Z",
        "dateUpdated": "2025-03-06T16:15:52.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10846 (GCVE-0-2024-10846)

    Vulnerability from cvelistv5 – Published: 2025-01-23 15:22 – Updated: 2025-04-25 23:02
    VLAI
    Title
    Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
    Summary
    The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    compose-spec compose-go Affected: 0 , ≤ 2.4.0 (semver)
    Create a notification for this product.
    Date Public
    2025-01-21 13:32
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10846",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T17:05:09.753736Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:05:14.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-25T23:02:53.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250425-0008/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/compose-spec/compose-go",
              "defaultStatus": "unaffected",
              "packageName": "compose-go",
              "product": "compose-go",
              "vendor": "compose-spec",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-01-21T13:32:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The \u003ccode\u003ecompose-go\u003c/code\u003e library component in versions \u003ccode\u003ev2.10-v2.4.0\u003c/code\u003e allows an authorized user who sends malicious YAML payloads to cause the \u003ccode\u003ecompose-go\u003c/code\u003e to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions \u003ccode\u003e v2.27.0\u003c/code\u003e to \u003ccode\u003ev2.29.7\u003c/code\u003e included"
                }
              ],
              "value": "The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions  v2.27.0 to v2.29.7 included"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T15:22:56.170Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://github.com/compose-spec/compose-go/security/advisories/GHSA-36gq-35j3-p9r9"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2024-10846",
        "datePublished": "2025-01-23T15:22:56.170Z",
        "dateReserved": "2024-11-05T10:21:55.528Z",
        "dateUpdated": "2025-04-25T23:02:53.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9348 (GCVE-0-2024-9348)

    Vulnerability from cvelistv5 – Published: 2024-10-16 14:50 – Updated: 2024-10-17 13:30
    VLAI
    Title
    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
    Summary
    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.34.3 (semver)
    Create a notification for this product.
    docker desktop Affected: 0 , < 4.34.3 (semver)
        cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-09 15:45
    Credits
    Cure53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "desktop",
                "vendor": "docker",
                "versions": [
                  {
                    "lessThan": "4.34.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9348",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T15:25:16.890959Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-116",
                    "description": "CWE-116 Improper Encoding or Escaping of Output",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:30:08.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Builds view"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.34.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cure53"
            }
          ],
          "datePublic": "2024-10-09T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view."
                }
              ],
              "value": "Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            },
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T14:50:06.031Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4343"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to Docker Desktop 4.34.3 or later"
                }
              ],
              "value": "Update to Docker Desktop 4.34.3 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2024-9348",
        "datePublished": "2024-10-16T14:50:06.031Z",
        "dateReserved": "2024-09-30T16:27:33.193Z",
        "dateUpdated": "2024-10-17T13:30:08.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8696 (GCVE-0-2024-8696)

    Vulnerability from cvelistv5 – Published: 2024-09-12 17:54 – Updated: 2024-09-12 19:27
    VLAI
    Title
    A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
    Summary
    A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.34.2 (semver)
    Create a notification for this product.
    docker docker_desktop Affected: 0 , < 4.34.2 (semver)
        cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-12 16:30
    Credits
    Cure53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "docker_desktop",
                "vendor": "docker",
                "versions": [
                  {
                    "lessThan": "4.34.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8696",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:25:46.342468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:27:18.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Docker Extensions"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.34.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Extensions are enabled"
                }
              ],
              "value": "Docker Extensions are enabled"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cure53"
            }
          ],
          "datePublic": "2024-09-12T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2."
                }
              ],
              "value": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            },
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T17:54:34.968Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4342"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Docker Desktop to 4.34.2 or a later version"
                }
              ],
              "value": "Update Docker Desktop to 4.34.2 or a later version"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions\"\u003eTurn off\u0026nbsp;Docker Extensions\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Turn off\u00a0Docker Extensions https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configure a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/private-marketplace/\"\u003eprivate marketplace\u003c/a\u003e with a curated list of trusted extensions (for Docker Business customers only)"
                }
              ],
              "value": "Configure a  private marketplace https://docs.docker.com/extensions/private-marketplace/  with a curated list of trusted extensions (for Docker Business customers only)"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2024-8696",
        "datePublished": "2024-09-12T17:54:34.968Z",
        "dateReserved": "2024-09-11T12:15:42.463Z",
        "dateUpdated": "2024-09-12T19:27:18.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8695 (GCVE-0-2024-8695)

    Vulnerability from cvelistv5 – Published: 2024-09-12 17:52 – Updated: 2024-09-12 19:14
    VLAI
    Title
    A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
    Summary
    A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Docker Desktop Affected: 0 , < 4.34.2 (semver)
    Create a notification for this product.
    docker docker_desktop Affected: 0 , < 4.34.2 (semver)
        cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-09-12 16:30
    Credits
    Cure53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "docker_desktop",
                "vendor": "docker",
                "versions": [
                  {
                    "lessThan": "4.34.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T19:11:35.025092Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T19:14:03.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Docker Extensions"
              ],
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker",
              "versions": [
                {
                  "lessThan": "4.34.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Extensions are enabled"
                }
              ],
              "value": "Docker Extensions are enabled"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cure53"
            }
          ],
          "datePublic": "2024-09-12T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2."
                }
              ],
              "value": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            },
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T17:52:55.491Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4342"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Docker Desktop to 4.34.2 or a later version"
                }
              ],
              "value": "Update Docker Desktop to 4.34.2 or a later version"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions\"\u003eTurn off\u0026nbsp;Docker Extensions\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Turn off\u00a0Docker Extensions https://docs.docker.com/extensions/settings-feedback/#turn-on-or-turn-off-extensions"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configure a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/extensions/private-marketplace/\"\u003eprivate marketplace\u003c/a\u003e with a curated list of trusted extensions (for Docker Business customers only)"
                }
              ],
              "value": "Configure a  private marketplace https://docs.docker.com/extensions/private-marketplace/  with a curated list of trusted extensions (for Docker Business customers only)"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2024-8695",
        "datePublished": "2024-09-12T17:52:55.491Z",
        "dateReserved": "2024-09-11T12:15:39.713Z",
        "dateUpdated": "2024-09-12T19:14:03.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6222 (GCVE-0-2024-6222)

    Vulnerability from cvelistv5 – Published: 2024-07-09 17:16 – Updated: 2024-08-01 21:33
    VLAI
    Title
    In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages
    Summary
    In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop  v4.31.0 https://docs.docker.com/desktop/release-notes/#4310  additionally changes the default configuration to enable this setting by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , < v4.29.0 (semver)
    Create a notification for this product.
    docker desktop Affected: 0 , < 4.29.0 (custom)
        cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-21 10:00
    Credits
    Billy Jheng Bing-Jhong Đỗ Minh Tuấn Muhammad Alifa Ramdhan Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "desktop",
                "vendor": "docker",
                "versions": [
                  {
                    "lessThan": "4.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T03:55:55.155Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4290"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThan": "v4.29.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Extensions enabled"
                }
              ],
              "value": "Docker Extensions enabled"
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\"Allow only extensions distributed through the Docker Marketplace\" disabled\u003cbr\u003e"
                }
              ],
              "value": "\"Allow only extensions distributed through the Docker Marketplace\" disabled"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Jheng Bing-Jhong"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "\u0110\u1ed7 Minh Tu\u1ea5n"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhammad Alifa Ramdhan"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2024-06-21T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.\u003cbr\u003e\u003cbr\u003eDocker Desktop \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/desktop/release-notes/#4290\"\u003ev4.29.0\u003c/a\u003e fixes the issue on MacOS, Linux and Windows with Hyper-V backend.\u003cbr\u003e\u003cbr\u003eAs exploitation requires \"Allow only extensions distributed through the Docker Marketplace\" to be disabled, Docker Desktop\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.docker.com/desktop/release-notes/#4310\"\u003ev4.31.0\u003c/a\u003e\u0026nbsp;additionally changes the default configuration to enable this setting by default.\u003cbr\u003e"
                }
              ],
              "value": "In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages.\n\nDocker Desktop  v4.29.0 https://docs.docker.com/desktop/release-notes/#4290  fixes the issue on MacOS, Linux and Windows with Hyper-V backend.\n\nAs exploitation requires \"Allow only extensions distributed through the Docker Marketplace\" to be disabled, Docker Desktop\u00a0 v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 \u00a0additionally changes the default configuration to enable this setting by default."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-480",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-480 Escaping Virtualization"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T17:16:05.646Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4290"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable Docker Extensions or enable \"Allow only extensions distributed through the Docker Marketplace\" from the Settings panel."
                }
              ],
              "value": "Disable Docker Extensions or enable \"Allow only extensions distributed through the Docker Marketplace\" from the Settings panel."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2024-6222",
        "datePublished": "2024-07-09T17:16:05.646Z",
        "dateReserved": "2024-06-20T18:47:44.854Z",
        "dateUpdated": "2024-08-01T21:33:05.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5652 (GCVE-0-2024-5652)

    Vulnerability from cvelistv5 – Published: 2024-07-09 17:07 – Updated: 2025-03-19 15:47
    VLAI
    Title
    In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode
    Summary
    In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , < v4.31.0 (semver)
    Create a notification for this product.
    Date Public
    2024-06-06 15:15
    Credits
    Hashim Jawad ( @ihack4falafel) Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5652",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T18:59:59.468065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-19T15:47:03.640Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThan": "v4.31.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop not installed with the --no-windows-containers installer flag\u003cbr\u003e"
                }
              ],
              "value": "Docker Desktop not installed with the --no-windows-containers installer flag"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hashim Jawad ( @ihack4falafel)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2024-06-06T15:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Docker Desktop on Windows before v4.31.0\u0026nbsp;allows a user in the \u003ccode\u003edocker-users\u003c/code\u003e\u0026nbsp;group to cause a Windows Denial-of-Service through the \u003ccode\u003eexec-path\u003c/code\u003e\u0026nbsp;Docker daemon config option in Windows containers mode.\u003cbr\u003e"
                }
              ],
              "value": "In Docker Desktop on Windows before v4.31.0\u00a0allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T17:07:08.691Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4310"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2024-5652",
        "datePublished": "2024-07-09T17:07:08.691Z",
        "dateReserved": "2024-06-05T10:54:16.890Z",
        "dateUpdated": "2025-03-19T15:47:03.640Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0633 (GCVE-0-2023-0633)

    Vulnerability from cvelistv5 – Published: 2023-09-25 15:32 – Updated: 2024-09-24 14:59
    VLAI
    Title
    In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE
    Summary
    In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , < 4.12.0 (semver)
    Create a notification for this product.
    Date Public
    2022-09-01 10:00
    Credits
    Cure53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4120"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:59:08.624405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T14:59:18.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThan": "4.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Cure53"
            }
          ],
          "datePublic": "2022-09-01T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).\u003cp\u003eThis issue affects Docker Desktop: before 4.12.0.\u003c/p\u003e"
                }
              ],
              "value": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T15:32:20.271Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4120"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 4.12.0"
                }
              ],
              "value": "Update to 4.12.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2023-0633",
        "datePublished": "2023-09-25T15:32:20.271Z",
        "dateReserved": "2023-02-01T23:30:55.499Z",
        "dateUpdated": "2024-09-24T14:59:18.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0627 (GCVE-0-2023-0627)

    Vulnerability from cvelistv5 – Published: 2023-09-25 15:31 – Updated: 2024-09-24 15:37
    VLAI
    Title
    Docker Desktop 4.11.x allows --no-windows-containers flag bypass
    Summary
    Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-501 - Trust Boundary Violation
    Assigner
    References
    Impacted products
    Date Public
    2022-09-01 10:00
    Credits
    Cure53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4120"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:37:26.565896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:37:48.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.11.x"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop installed with the\u0026nbsp;\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e--no-widnows-containers\u003c/span\u003e flag"
                }
              ],
              "value": "Docker Desktop installed with the\u00a0--no-widnows-containers flag"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Cure53"
            }
          ],
          "datePublic": "2022-09-01T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Docker Desktop 4.11.x allows \u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e--no-windows-containers\u003c/span\u003e flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).\u003cp\u003eThis issue affects Docker Desktop: 4.11.X.\u003c/p\u003e"
                }
              ],
              "value": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-501",
                  "description": "CWE-501: Trust Boundary Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T15:31:58.782Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4120"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 4.12.0"
                }
              ],
              "value": "Update to 4.12.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop 4.11.x allows --no-windows-containers flag bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2023-0627",
        "datePublished": "2023-09-25T15:31:58.782Z",
        "dateReserved": "2023-02-01T22:31:05.774Z",
        "dateUpdated": "2024-09-24T15:37:48.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0626 (GCVE-0-2023-0626)

    Vulnerability from cvelistv5 – Published: 2023-09-25 15:31 – Updated: 2024-09-24 15:38
    VLAI
    Title
    Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route
    Summary
    Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , < 4.12.0 (semver)
    Create a notification for this product.
    Date Public
    2022-09-01 10:00
    Credits
    Masato Kinugawa Mohan Pedhapati
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4120"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0626",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:38:25.790536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:38:38.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThan": "4.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Masato Kinugawa"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mohan Pedhapati"
            }
          ],
          "datePublic": "2022-09-01T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDocker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.\u003cbr\u003e\u003cbr\u003eThis issue affects Docker Desktop: before 4.12.0.\u003c/p\u003e"
                }
              ],
              "value": "Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.\n\nThis issue affects Docker Desktop: before 4.12.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T15:31:38.283Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4120"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 4.12.0"
                }
              ],
              "value": "Update to 4.12.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route ",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable extensions"
                }
              ],
              "value": "Disable extensions"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2023-0626",
        "datePublished": "2023-09-25T15:31:38.283Z",
        "dateReserved": "2023-02-01T22:31:04.271Z",
        "dateUpdated": "2024-09-24T15:38:38.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0625 (GCVE-0-2023-0625)

    Vulnerability from cvelistv5 – Published: 2023-09-25 15:31 – Updated: 2024-09-24 15:39
    VLAI
    Title
    Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog
    Summary
    Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , < 4.12.0 (semver)
    Create a notification for this product.
    Date Public
    2022-09-01 10:00
    Credits
    Masato Kinugawa
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:50.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4120"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:39:03.026730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:39:13.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThan": "4.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Masato Kinugawa"
            }
          ],
          "datePublic": "2022-09-01T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDocker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.\u003cbr\u003e\u003cbr\u003eThis issue affects Docker Desktop: before 4.12.0.\u003c/p\u003e"
                }
              ],
              "value": "Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.\n\nThis issue affects Docker Desktop: before 4.12.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            },
            {
              "capecId": "CAPEC-253",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-253 Remote Code Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T15:31:09.114Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4120"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 4.12.0"
                }
              ],
              "value": "Update to 4.12.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable extensions"
                }
              ],
              "value": "Disable extensions"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2023-0625",
        "datePublished": "2023-09-25T15:31:09.114Z",
        "dateReserved": "2023-02-01T22:31:03.132Z",
        "dateUpdated": "2024-09-24T15:39:13.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5166 (GCVE-0-2023-5166)

    Vulnerability from cvelistv5 – Published: 2023-09-25 15:30 – Updated: 2024-09-24 15:54
    VLAI
    Title
    Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL
    Summary
    Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Docker Inc. Docker Desktop Affected: 0 , < 4.23.0 (semver)
    Create a notification for this product.
    Date Public
    2023-09-11 10:00
    Credits
    M. Haunschmid
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:07.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.docker.com/desktop/release-notes/#4230"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5166",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:53:56.675460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:54:17.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "x86",
                "ARM"
              ],
              "product": "Docker Desktop",
              "vendor": "Docker Inc.",
              "versions": [
                {
                  "lessThan": "4.23.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "M. Haunschmid"
            }
          ],
          "datePublic": "2023-09-11T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDocker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.\u003cbr\u003e\u003cbr\u003eThis issue affects Docker Desktop: before 4.23.0.\u003c/p\u003e"
                }
              ],
              "value": "Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.\n\nThis issue affects Docker Desktop: before 4.23.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-555",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-555 Remote Services with Stolen Credentials"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T15:30:10.164Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.docker.com/desktop/release-notes/#4230"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Docker Desktop to 4.23.0"
                }
              ],
              "value": "Update Docker Desktop to 4.23.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable extensions"
                }
              ],
              "value": "Disable extensions"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2023-5166",
        "datePublished": "2023-09-25T15:30:10.164Z",
        "dateReserved": "2023-09-25T14:05:47.327Z",
        "dateUpdated": "2024-09-24T15:54:17.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }