Docker Desktop 4.11 & older: Installer Argument Injection LPE
CVE-2023-0633 Published on September 25, 2023

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE
In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0.

NVD

Vulnerability Analysis

CVE-2023-0633 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an Argument Injection Vulnerability?

The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

CVE-2023-0633 has been classified to as an Argument Injection vulnerability or weakness.


Products Associated with CVE-2023-0633

Want to know whenever a new CVE is published for Docker Desktop? stack.watch will email you.

Docker Desktop
 

Affected Versions

Docker Inc. Docker Desktop:

Exploit Probability

EPSS
0.07%
Percentile
21.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.