CVE-2024-8695

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 12, 2024
Updated: Sep 13, 2024
CWE ID 94
CWE ID 79

Summary

CVE-2024-8695 is a critical remote code execution vulnerability affecting Docker Desktop versions prior to 4.34.2, which can be exploited through malicious extensions by manipulating the extension description or changelog. The vulnerability has a CVSS base score of 9.8, indicating a high risk with potential impacts on confidentiality, integrity, and availability of systems. Organizations using affected versions are at risk of unauthorized remote code execution without requiring user interaction or elevated privileges. To remediate this issue, users should update their Docker Desktop software to version 4.34.2 or later as recommended in the release notes. Failure to address this vulnerability could lead to significant security breaches within an organization’s infrastructure due to the low complexity of the attack vector.
