Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.
This issue has been fixed in Docker Desktop 4.23.0.
Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://docs.docker.com/desktop/release-notes/#4230 |
History
Tue, 24 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Docker
Published: 2023-09-25T15:29:12.869Z
Updated: 2024-09-24T15:55:38.645Z
Reserved: 2023-09-25T14:05:45.905Z
Link: CVE-2023-5165
Vulnrichment
Updated: 2024-08-02T07:52:07.697Z
NVD
Status : Modified
Published: 2023-09-25T16:15:15.773
Modified: 2024-11-21T08:41:12.893
Link: CVE-2023-5165
Redhat
No data.