CVE-2024-8696

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Sep 12, 2024
Updated: Sep 13, 2024
CWE ID: 94
CWE ID: 79

Summary

CVE-2024-8696 is a critical remote code execution vulnerability affecting Docker Desktop versions prior to 4.34.2, which can be exploited through malicious extensions utilizing crafted publisher URLs or additional URLs. This vulnerability has a CVSS base score of 9.8, indicating a high risk to organizations, with potential impacts on confidentiality, integrity, and availability. To remediate this issue, users are advised to update Docker Desktop to version 4.34.2 or later as detailed in the release notes provided by Docker. The attack vector for this vulnerability is network-based, requiring no user interaction and granting the attacker significant control over the affected systems. Organizations that fail to address this vulnerability may face severe security breaches due to its high exploitability score and low attack complexity.
