CVE-2023-1802 - OpenCVE

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docker	Desktop

Configuration 1 [-]

OR	cpe:2.3:a:docker:desktop:4.17.0:::::windows::
	cpe:2.3:a:docker:desktop:4.17.1:::::windows::

No data.

References

Link	Providers
https://docs.docker.com/desktop/release-notes/#4180
https://github.com/docker/for-win/issues/13344

History

No history.

MITRE

Status: PUBLISHED

Assigner: Docker

Published: 2023-04-06T08:52:19.506Z

Updated: 2024-08-02T06:05:26.143Z

Reserved: 2023-04-03T10:20:15.739Z

Link: CVE-2023-1802

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-06T09:15:07.030

Modified: 2023-11-07T04:04:59.850

Link: CVE-2023-1802

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1802", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2023-04-03T10:20:15.739Z", "datePublished": "2023-04-06T08:52:19.506Z", "dateUpdated": "2024-08-02T06:05:26.143Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Artifactory Integration"], "platforms": ["Windows", "MacOS", "Linux"], "product": "Docker Desktop", "vendor": "Docker", "versions": [{"lessThan": "4.18.0", "status": "affected", "version": "4.17.0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected. "}], "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u00a0"}], "datePublic": "2023-04-05T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. <span style=\"background-color: rgb(255, 255, 255);\">A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. </span><br>"}], "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"}], "impacts": [{"capecId": "CAPEC-158", "descriptions": [{"lang": "en", "value": "CAPEC-158 Sniffing Network Traffic"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2023-04-06T08:52:19.506Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"tags": ["issue-tracking"], "url": "https://github.com/docker/for-win/issues/13344"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Update Docker Desktop to version 4.18.0<br>"}], "value": " Update Docker Desktop to version 4.18.0\n"}], "source": {"discovery": "EXTERNAL"}, "title": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Disable the Access Experimental Features option from the setting panel "}], "value": "Disable the Access Experimental Features option from the setting panel\u00a0"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:26.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/docker/for-win/issues/13344"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:desktop:4.17.0:*:*:*:*:windows:*:*", "matchCriteriaId": "D7217294-76FA-466D-A46E-85076F041746", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:desktop:4.17.1:*:*:*:*:windows:*:*", "matchCriteriaId": "DBBD80F7-7DA0-4B5C-A384-C817C777F585", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"}], "id": "CVE-2023-1802", "lastModified": "2023-11-07T04:04:59.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@docker.com", "type": "Secondary"}]}, "published": "2023-04-06T09:15:07.030", "references": [{"source": "security@docker.com", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"source": "security@docker.com", "tags": ["Exploit"], "url": "https://github.com/docker/for-win/issues/13344"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "security@docker.com", "type": "Secondary"}]}