9245 matches found

CVE
added 2023/09/25 3:32 p.m. · 63 views

CVE-2023-0633

CVE-2023-0633 affects Docker Desktop on Windows prior to 4.12.0. The vulnerability is an argument injection to the installer, which may result in local privilege escalation (LPE). Impact is high (C/H/I/H/A/H in NVD metrics; LOCAL attack vector; no user interaction required in some vectors). Publi...

7.8 CVSS · 7.5 AI score · 0.00269 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/25 3:32 p.m. · 15 views

CVE-2023-0633 In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0...

7.2 CVSS · 7.3 AI score · 0.00269 EPSS
Exploits 0 · References 1
Cvelist
added 2023/09/25 3:32 p.m. · 22 views

CVE-2023-0633 In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0...

7.2 CVSS · 8.1 AI score · 0.00269 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/09/25 3:31 p.m. · 14 views

CVE-2023-0627 Docker Desktop 4.11.x allows --no-windows-containers flag bypass

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X...

6.7 CVSS · 7 AI score · 0.00242 EPSS
Exploits 0 · References 1
Cvelist
added 2023/09/25 3:31 p.m. · 25 views

CVE-2023-0627 Docker Desktop 4.11.x allows --no-windows-containers flag bypass

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X...

6.7 CVSS · 7.8 AI score · 0.00242 EPSS
Exploits 0 · References 1
CVE
added 2023/09/25 3:31 p.m. · 56 views

CVE-2023-0627

Docker Desktop 4.11.x is affected by CVE-2023-0627 due to IPC response spoofing that bypasses the --no-windows-containers flag, enabling Local Privilege Escalation. The root cause is spoofed IPC responses within Docker Desktop, which can let a local attacker escalate privileges. The available ref...

7.8 CVSS · 6.8 AI score · 0.00242 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/25 3:31 p.m. · 12 views

CVE-2023-0626 Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0...

8 CVSS · 6.9 AI score · 0.00739 EPSS
Exploits 0 · References 1
CVE
added 2023/09/25 3:31 p.m. · 80 views

CVE-2023-0626

CVE-2023-0626 affects Docker Desktop prior to 4.12.0, where an RCE vulnerability exists via query parameters in the message-box route. Root cause is an insecure handling of query parameters in the message-box endpoint, leading to remote code execution with high impact on confidentiality, integrit...

9.8 CVSS · 8.3 AI score · 0.00739 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/25 3:31 p.m. · 11 views

CVE-2023-0625 Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

8 CVSS · 6.8 AI score · 0.00739 EPSS
Exploits 0 · References 1
Cvelist
added 2023/09/25 3:31 p.m. · 17 views

CVE-2023-0625 Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0...

8 CVSS · 9.5 AI score · 0.00739 EPSS
Exploits 0 · References 1
CVE
added 2023/09/25 3:31 p.m. · 50 views

CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to remote code execution via a crafted extension description or changelog. Affected software is Docker Desktop (pre-4.12.0); impact is high/critical per CVSS. The issue arises from how extensions describe themselves or their changelogs, enabling RCE. Rem...

9.8 CVSS · 8.2 AI score · 0.00739 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/25 3:30 p.m. · 17 views

CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...

8 CVSS · 6.9 AI score · 0.00683 EPSS
Exploits 0 · References 1
Cvelist
added 2023/09/25 3:30 p.m. · 25 views

CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0...

8 CVSS · 7.9 AI score · 0.00683 EPSS
Exploits 0 · References 1
CVE
added 2023/09/25 3:30 p.m. · 63 views

CVE-2023-5166

Docker Desktop before 4.23.0 is affected by CVE-2023-5166, enabling access token theft via a crafted extension icon URL. The issue affects Docker Desktop components related to extension icon handling and is described across multiple sources (NVD/NVD-like entries, PRION, PT-/security advisories). ...

8 CVSS · 6.8 AI score · 0.00683 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/09/25 3:29 p.m. · 35 views

CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

7.1 CVSS · 8.8 AI score · 0.00225 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/09/25 3:29 p.m. · 26 views

CVE-2023-5165 Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and...

7.1 CVSS · 6.8 AI score · 0.00225 EPSS
Exploits 0 · References 1
CVE
added 2023/09/25 3:29 p.m. · 75 views

CVE-2023-5165

CVE-2023-5165 affects Docker Desktop: versions 4.13.0 through 4.22.x are vulnerable to bypassing Enhanced Container Isolation (ECI) via the debug shell, allowing an unprivileged user to access restricted functionality. The root cause is exposure of the debug shell after startup, with access windo...

8.8 CVSS · 7.4 AI score · 0.00225 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/09/25 12:0 a.m. · 5 views

PT-2023-5443 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.11.x
Description: The issue is related to a violation of trust boundaries in Docker Desktop, which can be exploited to potentially allow an attacker to elevate their privileges. This is achieved through IPC response...

7.8 CVSS · 7.5 AI score · 0.00242 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/09/25 12:0 a.m. · 9 views

PT-2023-5446 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.22.x
Description: The issue is related to insufficient authorization procedures in Docker Desktop, allowing an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions. This can be...

8.8 CVSS · 8.4 AI score · 0.00225 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/09/25 12:0 a.m. · 5 views

PT-2023-5441 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.12.0
Description: The issue is related to incorrect code generation management in Docker Desktop, allowing a remote attacker to execute arbitrary code via query parameters in the message-box route. This can...

10 CVSS · 9.7 AI score · 0.00739 EPSS
Exploits 0 · References 11