CVE-2023-5165 – Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell
https://notcve.org/view.php?id=CVE-2023-5165
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. • https://docs.docker.com/desktop/release-notes/#4230 • CWE-424: Improper Protection of Alternate Path CWE-862: Missing Authorization •
CVE-2023-40453
https://notcve.org/view.php?id=CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://github.com/docker/machine/releases https://hackerone.com/reports/1916285 https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html • CWE-116: Improper Encoding or Escaping of Output •
CVE-2023-34844
https://notcve.org/view.php?id=CVE-2023-34844
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode that allows escape from the Docker container. • https://hacku.top/wl/?id=MACBtnorZyp6hC3E5bw2CqBAusuWoKe3 •
CVE-2022-31647
https://notcve.org/view.php?id=CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. • https://docs.docker.com/desktop/release-notes/#docker-desktop-460 https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-34292
https://notcve.org/view.php?id=CVE-2022-34292
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. • https://docs.docker.com/desktop/release-notes/#docker-desktop-460 https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •