Docker: >> Docker Desktop >> 4.0.1 Security Vulnerabilities
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.
This issue affects Docker Desktop: before 4.23.0.
CVSS Score
8.0
EPSS Score
0.002
Published
2023-09-25
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.
This issue affects Docker Desktop: before 4.12.0.
CVSS Score
8.0
EPSS Score
0.004
Published
2023-09-25
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.
This issue affects Docker Desktop: before 4.12.0.
CVSS Score
8.0
EPSS Score
0.004
Published
2023-09-25
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-09-25
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-03-13
Docker Desktop 4.3.0 has Incorrect Access Control.
CVSS Score
8.4
EPSS Score
0.001
Published
2022-05-25
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-03-25
Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-02-01