CVE-2023-5166: Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL
First published: Mon Sep 25 2023(Updated: )
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Credit: security@docker.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Docker Desktop | <4.23.0 |
Remedy
Update Docker Desktop to 4.23.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-5166.
What is the severity of CVE-2023-5166?
The severity of CVE-2023-5166 is high with a CVSS score of 6.5.
Which version of Docker Desktop is affected by CVE-2023-5166?
Docker Desktop before version 4.23.0 is affected by CVE-2023-5166.
How can Access Token theft occur in Docker Desktop before version 4.23.0?
Access Token theft can occur in Docker Desktop before version 4.23.0 through a crafted extension icon URL.
How can I fix the vulnerability CVE-2023-5166?
To fix the vulnerability CVE-2023-5166, users should update Docker Desktop to version 4.23.0 or later.
- agent/author
- agent/type
- agent/remedy
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/docker
- canonical/docker desktop