6 matches found
CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...
CVE-2022-34292
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...
Code injection
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647...
CVE-2022-34292
CVE-2022-34292 affects Docker Desktop for Windows prior to 4.6.0. The vulnerability stems from a symlink attack on the hyperv/create dockerBackendV2 API, where an attacker can influence the DataFolder parameter for DockerDesktop.vhdx to overwrite arbitrary files. This is described as a related is...
CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...
CVE-2022-31647
Docker Desktop for Windows is affected by CVE-2022-31647 in the hyperv/destroy dockerBackendV2 API, where a symlink in the DataFolder parameter can be abused to delete arbitrary files. The issue is tied to Docker Desktop prior to 4.6.0; the vulnerability’s activity is described as a local attack ...