CVE-2023-0628

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.17.0

Description The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted malicious docker-desktop:// URL. The vulnerability is related to inadequate data cleaning measures at the management level, which can be exploited to execute arbitrary commands.

Recommendations For Docker Desktop versions prior to 4.17.0, update to version 4.17.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted docker-desktop:// URLs until the issue is resolved.