CVE-2023-1802
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed
- Severity Score: 7.5 (CVSS v3.1)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track (SSVC)
Descriptions
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.
*Credits:
N/A
CVSS Scores
- Metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability
- Metrics: Attack Vector, Attack Complexity, Authentication, Confidentiality, Integrity, Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-04-03 CVE Reserved
- 2023-04-06 CVE Published
- 2025-02-10 CVE Updated
- 2025-02-10 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
- CAPEC-158: Sniffing Network Traffic
References (2)
URL | Tag | Source |
---|---|---|
https://docs.docker.com/desktop/release-notes/#4180 | Release Notes |
URL | Date | SRC |
---|---|---|
https://github.com/docker/for-win/issues/13344 | 2025-02-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Docker | Desktop | 4.17.0 | windows | Affected |
Docker | Desktop | 4.17.1 | windows | Affected |