Lucene search

[email protected]NVD:CVE-2023-5165

HistorySep 25, 2023 - 4:15 p.m.

CVE-2023-5165

2023-09-2516:15:15

CWE-424

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-5165

docker desktop

enhanced container isolation

bypass

security vulnerability

update

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.

This issue has been fixed in Docker Desktop 4.23.0.

Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

Affected configurations

NVD

Node

dockerdocker_desktopRange4.13.0–4.23.0

References

docs.docker.com/desktop/release-notes/#4230

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2023-5165

prion1 cve1 cvelist1