Skip to main content

Docker Desktop

11 CVEs product

Monthly

CVE-2023-5166 MEDIUM This Month

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Docker Desktop
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-5165 HIGH This Week

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Docker Desktop
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0633 HIGH This Week

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).12.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0627 HIGH This Week

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).11.X. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0626 CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Docker Docker Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0625 CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Docker Docker Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0629 HIGH This Week

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-0628 HIGH This Week

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26659 HIGH This Week

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Docker Docker Desktop
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-15360 HIGH POC This Week

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Privilege Escalation Authentication Bypass Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2020-11492 HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker Information Disclosure Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.9%
EPSS 1% CVSS 6.5
MEDIUM This Month

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Docker Desktop
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Docker Desktop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).12.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).11.X. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Docker +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Docker Docker Desktop
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Docker +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Docker Docker Desktop
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Docker +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Privilege Escalation Authentication Bypass +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Microsoft Docker +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy