PT-2023-21567 · Docker · Play With Docker

Cokebeer · Published 2023-03-16 · Updated 2023-03-23 · CVE-2023-28109

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Play With Docker versions 0.0.2 and prior

Description: Play With Docker is a browser-based Docker playground. The issue arises from incorrect CORS configuration, allowing an attacker to bypass the CORS policy by setting the origin header in an HTTP request to a malicious domain, such as evil-play-with-docker.com, which would then be echoed in the response header, successfully retrieving basic user information.

Recommendations: For versions 0.0.2 and prior, upgrade to the latest version to fix the issue. As a temporary workaround, consider restricting access to the play-with-docker.com domain to minimize the risk of exploitation. There are no known workarounds other than upgrading to the latest version.
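As an added illustration, not code from the Play With Docker project, the following Go sketch puts the reflected-origin pattern the description refers to beside an allowlist version, and includes a check a defender can run against a handler to confirm which behaviour it has. The allowlist contents, the `/users/me` path and the `Access-Control-Allow-Credentials` header are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed allowlist of trusted origins; the project's real list is not
// on the advisory page, so these entries are an assumption.
var allowedOrigins = map[string]bool{
	"https://play-with-docker.com":      true,
	"https://labs.play-with-docker.com": true,
}

// reflectingCORS shows the weak pattern: whatever Origin the browser sends
// is echoed back, so any site can read the (assumed credentialed) response.
func reflectingCORS(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
	w.Header().Set("Access-Control-Allow-Credentials", "true")
	fmt.Fprint(w, `{"user":"alice"}`)
}

// allowlistCORS is the corrected form: only a known origin is echoed, and
// Vary: Origin keeps caches from serving one origin's grant to another.
func allowlistCORS(w http.ResponseWriter, r *http.Request) {
	origin := r.Header.Get("Origin")
	if allowedOrigins[origin] {
		w.Header().Set("Access-Control-Allow-Origin", origin)
		w.Header().Set("Access-Control-Allow-Credentials", "true")
		w.Header().Add("Vary", "Origin")
	}
	fmt.Fprint(w, `{"user":"alice"}`)
}

// OriginReflected reports whether a handler grants cross-origin read access
// to the given Origin: true for an attacker-chosen origin means the bug.
func OriginReflected(h http.HandlerFunc, origin string) bool {
	req := httptest.NewRequest(http.MethodGet, "/users/me", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin") == origin
}

func main() {
	evil := "https://evil-play-with-docker.com"
	fmt.Println("reflecting grants evil origin:", OriginReflected(reflectingCORS, evil))
	fmt.Println("allowlist grants evil origin:", OriginReflected(allowlistCORS, evil))
}
```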

Exploit

Fix

IDOR

Found a problem in the description? Have something to add? Feel free to write to us 👾

Weakness Enumeration

Related identifiers

CVE-2023-28109
GHSA-VQ59-5X26-H639

Affected products

Play With Docker