Vulnerability Details: CVE-2023-0629

Summary
Assigner: Docker
Assigner Org ID: 686469e6-3ff6-451b-ab8b-cf5b9e89401e
Published: 13 Mar, 2023 | 11:16
Updated: 27 Feb, 2025 | 20:12

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.
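The advisory names the two things an administrator of a Docker Business fleet needs to triage this: the affected range (4.13.0 up to but not including 4.17.0) and the bypass path (the raw Engine endpoint, docker.raw.sock or the docker_engine_linux named pipe, selected through DOCKER_HOST or -H/--host). The Python below is an added triage helper written for this page; it is not Docker's code and not part of the CVE record. It checks a Docker Desktop version string against the affected range and flags CLI invocations whose endpoint is the raw socket or pipe. The version string and invocation records are constructed sample data, the socket directory in them is invented (only the socket and pipe names come from the advisory), and the rule that an explicit -H/--host wins over DOCKER_HOST is the assumed CLI precedence.

```python
# Added example, not Docker's code: a triage helper for CVE-2023-0629.
# It answers two questions an admin has on a Docker Business fleet:
#   1. Is this Docker Desktop build inside the affected range 4.13.0 <= v < 4.17.0?
#   2. Did a CLI invocation point at the raw Engine endpoint (docker.raw.sock, or the
#      docker_engine_linux named pipe on Windows) that the advisory says bypasses ECI?
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED_MIN: Version = (4, 13, 0)  # first affected release (inclusive)
FIXED: Version = (4, 17, 0)         # fix shipped in 4.17.0 (exclusive)

# Only the socket / pipe *names* come from the advisory; the directory an install
# places docker.raw.sock in varies, so it is deliberately not matched.
_RAW_UNIX_SOCK = re.compile(r"(^|/)docker\.raw\.sock$", re.IGNORECASE)
_RAW_NPIPE = re.compile(r"^npipe:////\.?/?pipe/docker_engine_linux$", re.IGNORECASE)


def parse_version(text: str) -> Optional[Version]:
    """Extract MAJOR.MINOR.PATCH from strings like 'Docker Desktop 4.15.0 (93002)'."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def is_affected(version_text: str) -> bool:
    """True when the version falls inside the CVE's affected range."""
    v = parse_version(version_text)
    return v is not None and AFFECTED_MIN <= v < FIXED


def host_uses_raw_socket(host: str) -> bool:
    """True when a DOCKER_HOST / -H value selects the raw Engine endpoint."""
    h = host.strip()
    if h.lower().startswith("npipe:"):
        return _RAW_NPIPE.match(h) is not None
    # unix:///path/docker.raw.sock, or a bare filesystem path
    path = h[len("unix://"):] if h.lower().startswith("unix://") else h
    return _RAW_UNIX_SOCK.search(path) is not None


def host_from_argv(argv: List[str]) -> Optional[str]:
    """Return the endpoint given with -H/--host on a docker command line, if any."""
    for i, arg in enumerate(argv):
        if arg in ("-H", "--host"):
            return argv[i + 1] if i + 1 < len(argv) else None
        if arg.startswith("--host="):
            return arg[len("--host="):]
        if arg.startswith("-H") and len(arg) > 2:  # joined form: -Hunix:///...
            return arg[2:]
    return None


def audit(version_text: str, invocations: List[Dict[str, str]]) -> List[str]:
    """One finding per invocation that reaches the raw endpoint on an affected build.

    Each record has 'user', 'argv' (the command line, space separated) and
    optionally 'DOCKER_HOST'. Assumption: an explicit -H/--host takes precedence
    over the DOCKER_HOST variable, as the docker CLI does.
    """
    if not is_affected(version_text):
        return []
    findings = []
    for inv in invocations:
        host = host_from_argv(inv["argv"].split()) or inv.get("DOCKER_HOST", "")
        if host and host_uses_raw_socket(host):
            findings.append(f"{inv['user']}: {inv['argv']}  [endpoint: {host}]")
    return findings


# Constructed sample data for the example (not real telemetry); the socket
# directory under bob's home is invented.
SAMPLE_VERSION = "Docker Desktop 4.15.0 (93002)"
SAMPLE_INVOCATIONS = [
    {"user": "alice", "argv": "docker run --rm alpine id"},
    {"user": "bob", "DOCKER_HOST": "unix:///Users/bob/.docker/run/docker.raw.sock",
     "argv": "docker run --privileged alpine sh"},
    {"user": "carol",
     "argv": "docker -H npipe:////./pipe/docker_engine_linux run --privileged alpine sh"},
    {"user": "dave", "DOCKER_HOST": "unix:///var/run/docker.sock", "argv": "docker ps"},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_VERSION, SAMPLE_INVOCATIONS):
        print("raw-socket use on affected build:", line)
```

On the constructed sample this reports bob (DOCKER_HOST set to the raw socket) and carol (-H pointing at the raw named pipe) and stays quiet for the usual docker.sock endpoint; on 4.17.0 or later it reports nothing, matching the advisory's statement that the fix closes the raw path rather than the normal one. The match is on the endpoint name only, so a renamed or relocated socket would need a fleet-specific rule.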

Common Vulnerabilities and Exposures (CVE) record, cve.org
CVE Numbering Authority (CNA) container
Affected Products
Vendor: Docker, Inc.
Product: Docker Desktop
Modules
  • Settings Management
  • Enhanced Container Isolation
Platforms
  • macOS
  • Windows (Hyper-V)
  • Linux
Default status: unaffected
Affected versions
  • From 4.13.0 before 4.17.0 (semver)
Problem Types
  • CWE-424: Improper Protection of Alternate Path
  • CWE-501: Trust Boundary Violation
Metrics
CVSS 3.1 base score: 7.1 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Impacts
  • CAPEC-554: Functionality Bypass
References
  • https://docs.docker.com/desktop/release-notes/#4170 (release-notes)
Authorized Data Publishers (ADP)
1. CVE Program Container: no additional affected-product, metric, or impact data; carries the CNA reference https://docs.docker.com/desktop/release-notes/#4170 (release-notes, x_transferred).
2. CISA ADP Vulnrichment: no data published yet.
National Vulnerability Database (NVD) record, nvd.nist.gov
Source: security@docker.com
Published: 13 Mar, 2023 | 12:15
Updated: 07 Nov, 2023 | 04:01

CISA Catalog
No Known Exploited Vulnerabilities entry (date added, due date, vulnerability name and required action all N/A).
Metrics
  • Primary: CVSS 3.1, base score 7.1 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Secondary: CVSS 3.1, base score 7.1 (HIGH), vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Docker, Inc. / docker / docker_desktop, versions from 4.13.0 (inclusive) to 4.17.0 (exclusive)
cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*
Weaknesses
  • NVD-CWE-noinfo (Primary, nvd@nist.gov)
  • CWE-424 (Secondary, security@docker.com)
  • CWE-501 (Secondary, security@docker.com)
References
  • https://docs.docker.com/desktop/release-notes/#4170 (source: security@docker.com; Release Notes)

Similar CVEs (2 records found)

CVE-2023-5165
Matching score: 10
Assigner: Docker Inc.
CVSS score: 7.1 (HIGH)
EPSS: 0.01% (percentile 3.48%), 7-day change ~0.00%
Published: 25 Sep, 2023 | 15:29
Updated: 24 Sep, 2024 | 15:55
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV added / action due date / required action: Not Available

Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.

Vendor: Docker, Inc.
Product: Docker Desktop (docker_desktop)
CWE IDs
  • CWE-862: Missing Authorization
  • CWE-424: Improper Protection of Alternate Path
CVE-2023-0627
Matching score: 6
Assigner: Docker Inc.
CVSS score: 6.7 (MEDIUM)
EPSS: 0.03% (percentile 10.26%), 7-day change ~0.00%
Published: 25 Sep, 2023 | 15:31
Updated: 24 Sep, 2024 | 15:37
Rejected: Not Available
Known to be used in ransomware campaigns: Not Available
KEV added / action due date / required action: Not Available

Docker Desktop 4.11.x allows --no-windows-containers flag bypass

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X.

Vendor: Docker, Inc.
Product: Docker Desktop (docker_desktop)
CWE IDs
  • CWE-501: Trust Boundary Violation