PT-2023-5441 · Docker · Docker Desktop
Masato Kinugawa
+1
·
Publicado
2023-09-25
·
Atualizado
2023-09-26
·
CVE-2023-0626
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Docker Desktop versions prior to 4.12.0
Description
The issue is related to incorrect code generation management in Docker Desktop, allowing a remote attacker to execute arbitrary code via query parameters in the message-box route. This can lead to remote code execution (RCE).
Recommendations
For Docker Desktop versions prior to 4.12.0, update to version 4.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the message-box route to minimize the risk of exploitation. Avoid using query parameters in the message-box route until the issue is resolved.
Correção
RCE
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Docker Desktop