Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5165

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

Published

2023-09-25T16:15:15.773

Last Modified

2024-11-21T08:41:12.893

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-424
CWE-862
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	docker	docker_desktop	< 4.23.0	Yes

References

https://docs.docker.com/desktop/release-notes/#4230 Release Notes, Vendor Advisory ([email protected])
https://docs.docker.com/desktop/release-notes/#4230 Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)