CVE-2023-5166

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 25, 2023

Updated: Sep 26, 2023

CWE ID 289

Summary

CVE-2023-5166 is a vulnerability affecting Docker Desktop versions prior to 4.23.0. An attacker can steal Access Tokens by using a specially crafted extension icon URL. This issue poses a significant security risk, as Access Tokens are used for authentication and authorization within the Docker environment. Successful exploitation allows the attacker to gain unauthorized access to containers and potentially sensitive data. Users are strongly encouraged to update their Docker Desktop installations to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t4X4QX
https://www.cve.org/CVERecord?id=CVE-2023-5166
https://nvd.nist.gov/vuln/detail/CVE-2023-5166

Back to Vulnerability Database

CVE-2023-5166

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations