Vulnerability Details CVE-2023-40453
Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/docker/machine/releases
- https://hackerone.com/reports/1916285
- https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html
- https://github.com/docker/machine/releases
- https://hackerone.com/reports/1916285
- https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html
Products affected by CVE-2023-40453
-
cpe:2.3:a:docker:machine:0.1.0
-
cpe:2.3:a:docker:machine:0.10.0
-
cpe:2.3:a:docker:machine:0.11.0
-
cpe:2.3:a:docker:machine:0.12.0
-
cpe:2.3:a:docker:machine:0.12.1
-
cpe:2.3:a:docker:machine:0.12.2
-
cpe:2.3:a:docker:machine:0.13.0
-
cpe:2.3:a:docker:machine:0.14.0
-
cpe:2.3:a:docker:machine:0.15.0
-
cpe:2.3:a:docker:machine:0.16.0
-
cpe:2.3:a:docker:machine:0.16.1
-
cpe:2.3:a:docker:machine:0.16.2
-
cpe:2.3:a:docker:machine:0.2.0
-
cpe:2.3:a:docker:machine:0.3.0
-
cpe:2.3:a:docker:machine:0.3.1
-
cpe:2.3:a:docker:machine:0.4.0
-
cpe:2.3:a:docker:machine:0.4.1
-
cpe:2.3:a:docker:machine:0.5.0
-
cpe:2.3:a:docker:machine:0.5.1
-
cpe:2.3:a:docker:machine:0.5.2
-
cpe:2.3:a:docker:machine:0.5.3
-
cpe:2.3:a:docker:machine:0.5.4
-
cpe:2.3:a:docker:machine:0.5.5
-
cpe:2.3:a:docker:machine:0.5.6
-
cpe:2.3:a:docker:machine:0.6.0
-
cpe:2.3:a:docker:machine:0.7.0
-
cpe:2.3:a:docker:machine:0.8.0
-
cpe:2.3:a:docker:machine:0.8.1
-
cpe:2.3:a:docker:machine:0.8.2
-
cpe:2.3:a:docker:machine:0.9.0