CVE-2023-0627: Docker Desktop 4.11.x allows --no-windows-containers flag bypass
First published: Mon Sep 25 2023(Updated: )
Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.
Credit: security@docker.com security@docker.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Docker Docker Desktop | >=4.11.0<4.12.0 |
Remedy
Update to 4.12.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Docker Desktop issue?
The vulnerability ID for this Docker Desktop issue is CVE-2023-0627.
What is the severity level of Docker Desktop vulnerability CVE-2023-0627?
The severity level of Docker Desktop vulnerability CVE-2023-0627 is high.
What is the impact of Docker Desktop vulnerability CVE-2023-0627?
Docker Desktop vulnerability CVE-2023-0627 may lead to Local Privilege Escalation (LPE).
How can the Docker Desktop vulnerability CVE-2023-0627 be exploited?
Docker Desktop vulnerability CVE-2023-0627 can be exploited through IPC response spoofing to bypass the --no-windows-containers flag.
How can I fix the Docker Desktop vulnerability CVE-2023-0627?
To fix the Docker Desktop vulnerability CVE-2023-0627, update to version 4.12.0 or higher.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/docker
- canonical/docker docker desktop
- version/docker docker desktop/4.11.0