Vulnerabilities > Docker > Docker Desktop > 4.14.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-25 | CVE-2023-5165 | Missing Authorization vulnerability in Docker Desktop Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. | 8.8 |
| 2023-09-25 | CVE-2023-5166 | Unspecified vulnerability in Docker Desktop Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | 6.5 |
| 2023-03-13 | CVE-2023-0628 | Command Injection vulnerability in Docker Desktop Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | 7.8 |
| 2023-03-13 | CVE-2023-0629 | Unspecified vulnerability in Docker Desktop Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. | 7.1 |