CVE-2023-0626

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 25, 2023
CWE ID 94

Summary

CVE-2023-0626 is a recently disclosed vulnerability affecting Docker Desktop versions prior to 4.12.0. This issue permits Remote Code Execution (RCE) through manipulating query parameters in the message-box route. An attacker can exploit this vulnerability to execute arbitrary commands on the targeted system, leading to potential security breaches and data compromise. Users are strongly advised to upgrade to Docker Desktop version 4.12.0 or later to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Docker Desktop

Affected Vendors

  • Docker Inc.