cvebase

Docker Inc Docker Desktop vulnerabilities

11 known vulnerabilities affecting docker_inc/docker_desktop.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 3

Vulnerabilities

CVE-2023-0625 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.12.0 | 2023-09-25
CWE-79: Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
Source: nvd
CVE-2023-0626 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.12.0 | 2023-09-25
CWE-94: Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
Source: nvd
CVE-2023-5165 | P3 | HIGH | CVSS 8.8 | ≥ 4.13.0, < 4.23.0 | 2023-09-25
CWE-424: Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local roo
Source: nvd
CVE-2023-0633 | P3 | HIGH | CVSS 7.8 | fixed in 4.12.0 | 2023-09-25
CWE-88: In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0.
Source: nvd
CVE-2023-0627 | P3 | HIGH | CVSS 7.8 | v4.11.x | 2023-09-25
CWE-501: Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.
Source: nvd
CVE-2023-0628 | P3 | HIGH | CVSS 7.8 | fixed in 4.17.0 | 2023-03-13
CWE-77: Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
Source: nvd
CVE-2025-14740 | P3 | MEDIUM | CVSS 6.7 | ≤ 4.56.0 | 2026-02-04
CWE-732: Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1 (Persistent Attack): If a low-privileged attacker pre-creat
Source: nvd
CVE-2023-0629 | P4 | HIGH | CVSS 7.1 | ≥ 4.13.0, < 4.17.0 | 2023-03-13
CWE-424: Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided
Source: nvd
CVE-2023-5166 | P4 | MEDIUM | CVSS 6.5 | fixed in 4.23.0 | 2023-09-25
CWE-200: Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Source: nvd
CVE-2024-6222 | P4 | HIGH | CVSS 7.0 | fixed in v4.29.0 | 2024-07-09
CWE-923: In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 (https://docs.docker.com/desktop/release-notes/#4290) fixes the issue on MacOS, Linux and Windows with Hyper-V backend. A
Source: nvd
CVE-2024-5652 | P4 | MEDIUM | CVSS 5.5 | fixed in v4.31.0 | 2024-07-09
CWE-400: Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.
Source: nvd