PT-2024-4755 · Docker · Docker Desktop
Hashim Jawad +1 · Published 2024-05-05 · Updated 2025-05-21 · CVE-2024-5652
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions:
Docker Desktop versions prior to 4.31.0
Description:
The issue is related to a configuration flaw in the exec-path Docker daemon config option, allowing a user in the docker-users group to cause a Windows Denial-of-Service in Windows containers mode. This is due to inadequate access control. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. The vulnerability can be exploited through the exec-path Docker daemon config option, which is a part of the Docker Desktop platform for developing and delivering containerized applications.
Recommendations:
For Docker Desktop versions prior to 4.31.0, update to version 4.31.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the exec-path Docker daemon config option to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Improper Resource Release
Affected Products
Docker Desktop