Lucene search

DockerCVELIST:CVE-2023-0633

HistorySep 25, 2023 - 3:32 p.m.

CVE-2023-0633 In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE

2023-09-2515:32:20

CWE-88

Docker

www.cve.org

cve-2023-0633

docker desktop

windows

argument injection

lpe

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "x86"
    ],
    "product": "Docker Desktop",
    "vendor": "Docker Inc.",
    "versions": [
      {
        "lessThan": "4.12.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.docker.com/desktop/release-notes/#4120

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-0633