CVE-2023-28840

CWE-420CWE-636CWE-203CWE-755Improper Exception Handling10 documents7 sources
Severity
8.7HIGH
EPSS
0.5%
top 34.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Docker/dockerMobyproject MobyMoby Moby
Timeline
PublishedApr 4
Latest updateMay 1

Description

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of Swar

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:LExploitability: 2.2 | Impact: 4.7

Affected Packages5 packages

NVDmobyproject/moby1.12.020.10.24+1
CVEListV5moby/moby>= 1.12.0, < 20.10.24, >= 23.0.0, < 23.0.3+1
Gogithub.com/docker/docker1.12.020.10.24+3
Debiandocker.io< 20.10.24+dfsg1-1+2
Ubuntudocker.io< 20.10.21-0ubuntu1~18.04.3+esm3+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
docker.io vulnerabilities2025-05-01
OSV
Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker2024-08-20
OSV
Docker Swarm encrypted overlay network may be unauthenticated2023-04-04
OSV
CVE-2023-28840: Moby is an open source container framework developed by Docker Inc2023-04-04
GHSA
Docker Swarm encrypted overlay network may be unauthenticated2023-04-04

📋Vendor Advisories

3
Ubuntu
Docker vulnerabilities2025-05-01
Red Hat
moby: Encrypted overlay network may be unauthenticated2023-04-04
Debian
CVE-2023-28840: docker.io - Moby is an open source container framework developed by Docker Inc. that is dist...2023
CVE-2023-28840 (HIGH CVSS 8.7) | Moby is an open source container fr | cvebase.io