Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges.
This issue has been fixed in Docker Desktop 4.23.0.
Affected Docker Desktop versions: from 4.13.0 before 4.23.0.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://docs.docker.com/desktop/release-notes/#4230 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Docker
Published: 2023-09-25T15:29:12.869Z
Updated: 2024-08-02T07:52:07.697Z
Reserved: 2023-09-25T14:05:45.905Z
Link: CVE-2023-5165
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-25T16:15:15.773
Modified: 2023-09-26T15:50:49.217
Link: CVE-2023-5165
Redhat
No data.