PT-2023-1878 · Docker · Docker Desktop

Published: 2023-03-13 · Updated: 2023-03-16 · CVE-2023-0629

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions 4.13.0 through 4.16.x

Description: The issue allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or to npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable, and then launching containers without the additional hardening features provided by ECI. This does not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available to Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.

Recommendations: For Docker Desktop versions 4.13.0 through 4.16.x, update to Docker Desktop 4.17.0 to resolve the issue. As a temporary workaround, consider restricting the use of the DOCKER_HOST environment variable and the -H (--host) CLI flag to prevent bypassing ECI restrictions. Additionally, restrict access to the docker.raw.sock and npipe:////.pipe/docker_engine_linux paths to minimize the risk of exploitation.
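An endpoint audit helper for the two conditions this advisory names (an affected Docker Desktop version, and a DOCKER_HOST value or -H flag pointing at the raw engine socket). This is an added example written for this page, not Docker's own code; the version string and the sample environment it is run against are constructed inputs.

```python
"""Audit helper for CVE-2023-0629 (Docker Desktop ECI bypass via the raw socket).

Checks: (1) is the reported Docker Desktop version in the affected range
4.13.0 through 4.16.x, and (2) does a Docker host setting (DOCKER_HOST or
-H/--host) name one of the raw engine endpoints listed in the advisory.
"""
import re
from typing import List, Optional, Tuple

AFFECTED_MIN = (4, 13, 0)   # first affected release
FIXED = (4, 17, 0)          # release that resolves the issue

# Endpoint names from the advisory; matched as substrings so that a full
# unix:// or npipe:// URL around them is still flagged.
RAW_SOCKET_MARKERS = ("docker.raw.sock", "docker_engine_linux")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract the first x.y.z triple from e.g. 'Docker Desktop 4.15.0'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def is_affected_version(version: str) -> bool:
    v = parse_version(version)
    return v is not None and AFFECTED_MIN <= v < FIXED


def host_bypasses_eci(host: Optional[str]) -> bool:
    """True if a host string targets the raw socket / named pipe."""
    if not host:
        return False
    h = host.strip().lower()
    return any(marker in h for marker in RAW_SOCKET_MARKERS)


def host_from_args(args: List[str]) -> Optional[str]:
    """Return the value of -H/--host from a docker CLI argument list."""
    for i, a in enumerate(args):
        if a in ("-H", "--host") and i + 1 < len(args):
            return args[i + 1]
        for prefix in ("-H=", "--host="):
            if a.startswith(prefix):
                return a[len(prefix):]
    return None


def audit(version: str, env: dict, cli_args: List[str]) -> List[str]:
    """Return one finding per condition; an empty list means nothing flagged."""
    findings = []
    if is_affected_version(version):
        findings.append(f"Docker Desktop {version} is affected; update to 4.17.0")
    if host_bypasses_eci(env.get("DOCKER_HOST")):
        findings.append("DOCKER_HOST points at the raw engine socket (ECI bypass)")
    flag = host_from_args(cli_args)
    if host_bypasses_eci(flag):
        findings.append(f"-H/--host points at the raw engine socket: {flag}")
    return findings
```

Feed `audit` the version from `docker version`, the process environment, and the invoking command line; a non-empty result is what an endpoint control should block or alert on.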

Related Identifiers

BDU:2023-01479
CVE-2023-0629

Affected Products

Docker Desktop