Vulnerabilities > Docker
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2023-03-13 | CVE-2023-0628 | Command Injection vulnerability in Docker Desktop | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user into opening a crafted malicious docker-desktop:// URL. | 7.8 |
| 2023-03-13 | CVE-2023-0629 | Unspecified vulnerability in Docker Desktop | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable, and to launch containers without the additional hardening features provided by ECI. | 7.1 |
| 2023-01-31 | CVE-2022-37708 | Incorrect Permission Assignment for Critical Resource vulnerability in Docker 20.10.15 | Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. | 6.8 |
| 2022-05-25 | CVE-2021-44719 | Files or Directories Accessible to External Parties vulnerability in Docker Desktop | Docker Desktop 4.3.0 has Incorrect Access Control. | 6.6 |
| 2022-03-25 | CVE-2022-26659 | Link Following vulnerability in Docker Desktop | The Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator-writable file by creating a symlink in place of where the installer writes its log file. | 7.1 |
| 2022-02-19 | CVE-2022-25365 | Unspecified vulnerability in Docker | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. | 4.6 |
| 2022-02-01 | CVE-2022-23774 | Unspecified vulnerability in Docker Desktop | Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | 5.0 |
| 2022-01-12 | CVE-2021-45449 | Information Exposure Through Log Files vulnerability in Docker Desktop 4.3.0/4.3.1 | Docker Desktop versions 4.3.0 and 4.3.1 have a bug that may log sensitive information (access token or password) on the user's machine during login. | 2.1 |
| 2021-10-04 | CVE-2021-41092 | Information Exposure vulnerability in multiple products | Docker CLI is the command line interface for the docker container runtime. Low complexity; docker, fedoraproject; CWE-200. | 5.0 |
| 2021-08-12 | CVE-2021-37841 | Incorrect Permission Assignment for Critical Resource vulnerability in Docker Desktop | Docker Desktop before 3.6.0 suffers from incorrect access control. | 4.6 |