CVE-2023-0627

Name of the Vulnerable Software and Affected Versions Docker Desktop versions 4.11.x

Description The issue is related to a violation of trust boundaries in Docker Desktop, which can be exploited to potentially allow an attacker to elevate their privileges. This is achieved through IPC response spoofing, bypassing the --no-windows-containers flag, and may lead to Local Privilege Escalation (LPE).

Recommendations For Docker Desktop version 4.11.x, consider disabling the IPC response feature until a patch is available to prevent potential exploitation. Restrict access to the Docker Desktop application to minimize the risk of privilege escalation. Avoid using the --no-windows-containers flag in affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.