CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
Low
EPSS
Percentile
40.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
[
{
"cpes": [
"cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*"
],
"vendor": "docker",
"product": "docker_desktop",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "4.34.2",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]
CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
Low
EPSS
Percentile
40.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total