CVE-2023-0626

All Frameworks › Docker › CWE-94 › CVE-2023-0626

CVE-2023-0626

State: PUBLISHED · Published: 2023-09-25 · Updated: 2024-09-24 · Assigner: Docker

Description

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.

CWE

CWE-94 — CWE-94 Improper Control of Generation of Code ('Code Injection')

Affected

Docker Inc. / Docker Desktop — v=0 <4.12.0 [affected]

CVSS

3.1 score=8 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

https://docs.docker.com/desktop/release-notes/#4120 release-notes

Source

cvelistV5-main/cves/2023/0xxx/CVE-2023-0626.json