CVE-2023-1802

Name of the Vulnerable Software and Affected Versions Docker Desktop versions 4.17.x

Description The issue is related to the transmission of registry data in plain text due to the use of HTTP instead of HTTPS in the Artifactory module of Docker Desktop. This can allow a remote attacker to gain unauthorized access to sensitive information. A targeted network sniffing attack can lead to the disclosure of sensitive information. The issue affects users who have Access Experimental Features enabled and have logged in to a private registry.

Recommendations For Docker Desktop version 4.17.x, consider disabling the Artifactory Integration until a patch is available to prevent the transmission of registry credentials over plain HTTP. Restrict access to private registries to minimize the risk of exploitation. Avoid using the Access Experimental Features option until the issue is resolved.