Lucene search
DockerCVELIST:CVE-2024-8696HistorySep 12, 2024 - 5:54 p.m.
CVE-2024-8696 A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
2024-09-1217:54:34
CWE-79
CWE-94
Docker
www.cve.org
4
cve-2024-8696
rce
docker desktop before 4.34.2
CVSS4
8.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
EPSS
0.001
Percentile
40.4%
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
CNA Affected
[
{
"defaultStatus": "unaffected",
"modules": [
"Docker Extensions"
],
"platforms": [
"Windows",
"MacOS",
"Linux",
"x86",
"ARM"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.34.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]
CVSS4
8.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
EPSS
0.001
Percentile
40.4%
Related for CVELIST:CVE-2024-8696