8 matches found

CVE | added 2022/02/01 5:30 a.m. | 171 views

CVE-2022-23774

Docker Desktop for Windows is affected by CVE-2022-23774 (and follow-on CVE-2022-25365 noting an incomplete fix). The vulnerability enables attackers to move arbitrary files due to issues in the Windows Docker Desktop implementation, with references indicating this affects versions before 4.4.4 a...

5.3 CVSS | 5.5 AI score | 0.00911 EPSS

CVE | added 2022/03/25 8:50 p.m. | 156 views

CVE-2022-26659

Docker Desktop for Windows prior to version 4.6.0 is affected. The installer can be abused to overwrite administrator-writable files by creating a symlink that redirects the log file path, as described in RH and NVD entries for CVE-2022-26659. Starting with 4.6.0, the installer writes logs to a l...

7.1 CVSS | 6.7 AI score | 0.00425 EPSS

CVE | added 2023/03/13 11:16 a.m. | 87 views

CVE-2023-0628

Docker Desktop before 4.17.0 is affected by an issue where an attacker can execute arbitrary commands inside a Dev Environments container during initialization by convincing a user to open a crafted docker-desktop:// URL. Affected product: Docker Desktop (Dev Environments container). Root cause i...

7.8 CVSS | 7 AI score | 0.00265 EPSS

CVE | added 2022/05/25 3:31 p.m. | 78 views

CVE-2021-44719

Summary: CVE-2021-44719 affects Docker Desktop 4.3.0 with an Incorrect Access Control issue. The vulnerability is described as a local-privilege/host-access problem where a container could access restricted host files, bypassing the allowed sharing rules (per Nessus NASL description for Mac, and ...

8.4 CVSS | 8.3 AI score | 0.00262 EPSS

CVE | added 2023/09/25 3:31 p.m. | 78 views

CVE-2023-0626

CVE-2023-0626 affects Docker Desktop prior to 4.12.0, where an RCE vulnerability exists via query parameters in the message-box route. Root cause is an insecure handling of query parameters in the message-box endpoint, leading to remote code execution with high impact on confidentiality, integrit...

9.8 CVSS | 8.3 AI score | 0.00739 EPSS

CVE | added 2023/09/25 3:32 p.m. | 62 views

CVE-2023-0633

CVE-2023-0633 affects Docker Desktop on Windows prior to 4.12.0. The vulnerability is an argument injection to the installer, which may result in local privilege escalation (LPE). Impact is high (C/H/I/H/A/H in NVD metrics; LOCAL attack vector; no user interaction required in some vectors). Publi...

7.8 CVSS | 7.5 AI score | 0.00269 EPSS

CVE | added 2023/09/25 3:30 p.m. | 62 views

CVE-2023-5166

Docker Desktop before 4.23.0 is affected by CVE-2023-5166, enabling access token theft via a crafted extension icon URL. The issue affects Docker Desktop components related to extension icon handling and is described across multiple sources (NVD/NVD-like entries, PRION, PT-/security advisories). ...

8 CVSS | 6.8 AI score | 0.00683 EPSS

CVE | added 2023/09/25 3:31 p.m. | 48 views

CVE-2023-0625

Docker Desktop before 4.12.0 is vulnerable to remote code execution via a crafted extension description or changelog. Affected software is Docker Desktop (pre-4.12.0); impact is high/critical per CVSS. The issue arises from how extensions describe themselves or their changelogs, enabling RCE. Rem...

9.8 CVSS | 8.2 AI score | 0.00739 EPSS