CVE-2024-8696
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8696 is a critical remote code execution vulnerability in Docker Desktop versions prior to 4.34.2. A malicious extension can exploit it through a crafted publisher URL or additional URLs. The vulnerability has a CVSS base score of 9.8, indicating a high risk to organizations, with potential impact on confidentiality, integrity, and availability. The attack vector is network-based, the attack complexity is low, and no user interaction is required; exploitation grants the attacker significant control over the affected systems. To remediate this issue, update Docker Desktop to version 4.34.2 or later, as detailed in the release notes provided by Docker. Organizations that fail to address this vulnerability may face severe security breaches because of its high exploitability score.