Docker: >> Docker Desktop >> 4.11.1 Security Vulnerabilities
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.
This issue affects Docker Desktop: before 4.23.0.
CVSS Score
8.0
EPSS Score
0.002
Published
2023-09-25
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.
This issue affects Docker Desktop: before 4.12.0.
CVSS Score
8.0
EPSS Score
0.004
Published
2023-09-25
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.
This issue affects Docker Desktop: before 4.12.0.
CVSS Score
8.0
EPSS Score
0.004
Published
2023-09-25
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-09-25
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-09-25
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-03-13