Lucene search

DockerCVELIST:CVE-2023-0628

HistoryMar 13, 2023 - 11:16 a.m.

CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL

2023-03-1311:16:30

CWE-77

Docker

www.cve.org

docker

desktop

vulnerability

arbitrary command execution

dev environments container

initialization

url

crafted

malicious

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Dev Environments"
    ],
    "platforms": [
      "Windows",
      "MacOS",
      "Linux"
    ],
    "product": "Docker Desktop",
    "vendor": "Docker Inc.",
    "versions": [
      {
        "lessThan": "4.17.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.docker.com/desktop/release-notes/#4170

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for CVELIST:CVE-2023-0628