CVE-2023-28841

CWE-311CWE-636CWE-755Improper Exception HandlingCWE-200Information Exposure10 documents7 sources
Severity
6.8MEDIUM
EPSS
3.1%
top 13.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Docker/dockerMobyproject MobyMoby Moby
Timeline
PublishedApr 4
Latest updateMay 1

Description

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of Swa

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.2 | Impact: 4.0

Affected Packages5 packages

NVDmobyproject/moby1.12.020.10.24+1
CVEListV5moby/moby>= 1.12.0, < 20.10.24, >= 23.0.0, < 23.0.3+1
Gogithub.com/docker/docker1.12.020.10.24+3
Debiandocker.io< 20.10.24+dfsg1-1+2
Ubuntudocker.io< 20.10.21-0ubuntu1~18.04.3+esm3+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
docker.io vulnerabilities2025-05-01
OSV
Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker2024-08-20
OSV
Docker Swarm encrypted overlay network traffic may be unencrypted2023-04-04
GHSA
Docker Swarm encrypted overlay network traffic may be unencrypted2023-04-04
CVEList
moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted2023-04-04

📋Vendor Advisories

3
Ubuntu
Docker vulnerabilities2025-05-01
Red Hat
moby: Encrypted overlay network traffic may be unencrypted2023-04-04
Debian
CVE-2023-28841: docker.io - Moby is an open source container framework developed by Docker Inc. that is dist...2023
CVE-2023-28841 (MEDIUM CVSS 6.8) | Moby is an open source container fr | cvebase.io