Lucene search
HistorySep 25, 2023 - 4:15 p.m.
CVE-2023-0625
cve
2023
0625
docker desktop
rce
vulnerability
crafted
extension
changelog
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.4%
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.
This issue affects Docker Desktop: before 4.12.0.
Affected configurations
Node
dockerdocker_desktopRange<4.12.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| docker:docker_desktop | docker docker desktop | lt | 4.12.0 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker Inc.",
"versions": [
{
"lessThan": "4.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
prion
prion
Code injection
2023-09-25 16:15:00
nvd
nvd
CVE-2023-0625
2023-09-25 16:15:13
cvelist
cvelist
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.4%
Related for CVE-2023-0625