{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0629", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2023-02-01T22:40:41.487Z", "datePublished": "2023-03-13T11:16:41.171Z", "dateUpdated": "2025-02-27T20:12:56.479Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Settings Management", "Enhanced Container Isolation"], "platforms": ["MacOS", "Windows (Hyper-V)", "Linux"], "product": "Docker Desktop", "vendor": "Docker Inc.", "versions": [{"lessThan": "4.17.0", "status": "affected", "version": "4.13.0", "versionType": "semver"}]}], "datePublic": "2023-03-13T11:15:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to <tt>docker.raw.sock</tt>, or <tt>npipe:////.pipe/docker_engine_linux</tt> on Windows, via the <tt>-H</tt> (<tt>--host</tt>) CLI flag or the <tt>DOCKER_HOST</tt> environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).<br><br>The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.<br><p>This issue has been fixed in Docker Desktop 4.17.0. <br><br>Affected Docker Desktop versions: from 4.13.0 before 4.17.0.</p>"}], "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).\n\nThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\nThis issue has been fixed in Docker Desktop 4.17.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\n\n"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-501", "description": "CWE-501: Trust Boundary Violation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2023-03-13T11:16:41.171Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.docker.com/desktop/release-notes/#4170"}], "source": {"discovery": "INTERNAL"}, "title": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.272Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.docker.com/desktop/release-notes/#4170"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-27T20:07:27.576557Z", "id": "CVE-2023-0629", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:12:56.479Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0629", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2023-02-01T22:40:41.487Z", "datePublished": "2023-03-13T11:16:41.171Z", "dateUpdated": "2025-02-27T20:12:56.479Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Settings Management", "Enhanced Container Isolation"], "platforms": ["MacOS", "Windows (Hyper-V)", "Linux"], "product": "Docker Desktop", "vendor": "Docker Inc.", "versions": [{"lessThan": "4.17.0", "status": "affected", "version": "4.13.0", "versionType": "semver"}]}], "datePublic": "2023-03-13T11:15:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to <tt>docker.raw.sock</tt>, or <tt>npipe:////.pipe/docker_engine_linux</tt> on Windows, via the <tt>-H</tt> (<tt>--host</tt>) CLI flag or the <tt>DOCKER_HOST</tt> environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).<br><br>The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.<br><p>This issue has been fixed in Docker Desktop 4.17.0. <br><br>Affected Docker Desktop versions: from 4.13.0 before 4.17.0.</p>"}], "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).\n\nThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\nThis issue has been fixed in Docker Desktop 4.17.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\n\n"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-501", "description": "CWE-501: Trust Boundary Violation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2023-03-13T11:16:41.171Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.docker.com/desktop/release-notes/#4170"}], "source": {"discovery": "INTERNAL"}, "title": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.272Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.docker.com/desktop/release-notes/#4170"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0629", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T20:07:27.576557Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:07:35.913Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "869E273A-ED82-4809-979C-CA9971A0DA1F", "versionEndExcluding": "4.17.0", "versionStartIncluding": "4.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).\n\nThe affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.\nThis issue has been fixed in Docker Desktop 4.17.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.17.0.\n\n"}], "id": "CVE-2023-0629", "lastModified": "2024-11-21T07:37:30.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "security@docker.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-13T12:15:11.060", "references": [{"source": "security@docker.com", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4170"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}, {"lang": "en", "value": "CWE-501"}], "source": "security@docker.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}