PT-2023-5447 · Docker · Docker Desktop
M. Haunschmid · Published 2023-09-25 · Updated 2023-09-26 · CVE-2023-5166
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Docker Desktop versions prior to 4.23.0
Description
The issue affects Docker Desktop and is a disclosure of protected information: a remote attacker can obtain an access token by using a specially crafted extension icon URL.
Recommendations
Update Docker Desktop versions prior to 4.23.0 to version 4.23.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted extension icon URLs to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Docker Desktop