5 results (0.013 seconds)

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Docker Desktop anterior a v4.34.3 permite RCE a través de un enlace de origen de GitHub no desinfectado en la vista de compilación. • https://docs.docker.com/desktop/release-notes/#4343 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop  v4.31.0 https://docs.docker.com/desktop/release-notes/#4310  additionally changes the default configuration to enable this setting by default. This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The specific flaw exists within the the implemention of the Docker Extensions functionality. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host. • https://github.com/Florian-Hoth/CVE-2024-6222 https://docs.docker.com/desktop/release-notes/#4290 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Daemon CLI. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. • https://docs.docker.com/desktop/release-notes/#4310 •