PT-2023-5445 · Docker · Docker Desktop
Cure53
·
Published
2023-09-25
·
Updated
2023-09-25
·
CVE-2023-0633
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Docker Desktop versions prior to 4.12.0
Description
The issue is related to an argument injection to the installer in Docker Desktop on Windows, which may result in local privilege escalation. This allows an attacker to potentially elevate their privileges.
Recommendations
For Docker Desktop versions prior to 4.12.0, update to version 4.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.
Fix
LPE
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Docker Desktop