CVE-2023-0627

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 25, 2023

CWE ID 501

Summary

CVE-2023-0627 is a vulnerability affecting Docker Desktop version 4.11.x. An attacker can exploit this issue by bypassing the --no-windows-containers flag through IPC response spoofing. This bypass may result in Local Privilege Escalation (LPE), allowing an attacker to gain elevated system access on the affected system. Users are advised to update their Docker Desktop installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Docker Desktop

Affected Vendors

Docker Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzAMuq
https://www.cve.org/CVERecord?id=CVE-2023-0627
https://nvd.nist.gov/vuln/detail/CVE-2023-0627

Back to Vulnerability Database