CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5166 – Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL
https://notcve.org/view.php?id=CVE-2023-5166
25 Sep 2023 — Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. Docker Desktop anterior a 4.23.0 permite el robo de tokens de acceso a través de una URL de icono de extensión manipulada. Este problema afecta a Docker Desktop: versiones anteriores a 4.23.0. • https://docs.docker.com/desktop/release-notes/#4230 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0628 – Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL
https://notcve.org/view.php?id=CVE-2023-0628
13 Mar 2023 — Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. • https://docs.docker.com/desktop/release-notes/#4170 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •