CVE-2023-5165
Last modified
CVE-2023-5165 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Docker | Docker Desktop | >= 4.13.0, < 4.23.0 |
References
- https://docs.docker.com/desktop/release-notes/#4230Release Notes, Vendor Advisory
- https://docs.docker.com/desktop/release-notes/#4230Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-5165?
How severe is CVE-2023-5165?
How do I fix CVE-2023-5165?
Are you affected by CVE-2023-5165?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST