CVE-2023-0626: Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route
First published: Mon Sep 25 2023(Updated: )
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0.
Credit: security@docker.com security@docker.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Docker Docker Desktop | <4.12.0 |
Remedy
Update to 4.12.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Docker Desktop vulnerability?
The vulnerability ID is CVE-2023-0626.
What is the severity level of CVE-2023-0626?
The severity level of CVE-2023-0626 is critical (9.8).
How does CVE-2023-0626 affect Docker Desktop?
CVE-2023-0626 allows for remote code execution (RCE) via query parameters in the message-box route in Docker Desktop before version 4.12.0.
How can I fix the CVE-2023-0626 vulnerability in Docker Desktop?
To fix the CVE-2023-0626 vulnerability, you should upgrade Docker Desktop to version 4.12.0 or newer.
Where can I find more information about the CVE-2023-0626 vulnerability?
You can find more information about the CVE-2023-0626 vulnerability in the Docker Desktop release notes.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/docker
- canonical/docker docker desktop