CVE-2023-5165 - OpenCVE

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docker	Docker Desktop

Configuration 1 [-]

cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.docker.com/desktop/release-notes/#4230

History

No history.

MITRE

Status: PUBLISHED

Assigner: Docker

Published: 2023-09-25T15:29:12.869Z

Updated: 2024-08-02T07:52:07.697Z

Reserved: 2023-09-25T14:05:45.905Z

Link: CVE-2023-5165

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-25T16:15:15.773

Modified: 2023-09-26T15:50:49.217

Link: CVE-2023-5165

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5165", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2023-09-25T14:05:45.905Z", "datePublished": "2023-09-25T15:29:12.869Z", "dateUpdated": "2024-08-02T07:52:07.697Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM"], "product": "Docker Desktop", "vendor": "Docker Inc.", "versions": [{"lessThan": "4.23.0", "status": "affected", "version": "4.13.0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Enhanced Container Isolation enabled (only available for Docker Business users)"}], "value": "Enhanced Container Isolation enabled (only available for Docker Business users)"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "L. Kofler"}], "datePublic": "2023-09-11T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. <br><br>This issue has been fixed in Docker Desktop 4.23.0. <br><br>Affected Docker Desktop versions: from 4.13.0 before 4.23.0.</span><br>"}], "value": "Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2023-09-25T15:29:12.869Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.docker.com/desktop/release-notes/#4230"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to version 4.23.0"}], "value": "Update to version 4.23.0"}], "source": {"discovery": "EXTERNAL"}, "title": "Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:07.697Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.docker.com/desktop/release-notes/#4230"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "B958322D-1E03-46F3-9AFA-0467DE4DC4EC", "versionEndExcluding": "4.23.0", "versionStartIncluding": "4.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n"}, {"lang": "es", "value": "Docker Desktop anterior a 4.23.0 permite a un usuario sin privilegios evitar las restricciones de Enhanced Container Isolation (ECI) a trav\u00e9s del shell de depuraci\u00f3n, al que permanece accesible durante un breve per\u00edodo de tiempo despu\u00e9s de iniciar Docker Desktop. La funcionalidad afectada est\u00e1 disponible solo para clientes de Docker Business y asume un entorno donde los usuarios no reciben privilegios de administrador o root local. Este problema se solucion\u00f3 en Docker Desktop 4.23.0. Versiones de Docker Desktop afectadas: desde 4.13.0 anterior a 4.23.0."}], "id": "CVE-2023-5165", "lastModified": "2023-09-26T15:50:49.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "security@docker.com", "type": "Secondary"}]}, "published": "2023-09-25T16:15:15.773", "references": [{"source": "security@docker.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.docker.com/desktop/release-notes/#4230"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-424"}, {"lang": "en", "value": "CWE-862"}], "source": "security@docker.com", "type": "Secondary"}]}