Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
References
Configurations
History
09 May 2023, 15:05
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-2 - Third Party Advisory | |
References | (MISC) https://docs.docker.com/desktop/release-notes/#docker-desktop-460 - Release Notes | |
First Time |
Docker
Docker desktop |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CPE | cpe:2.3:a:docker:desktop:*:*:*:*:windows:*:*:* | |
CWE | CWE-59 CWE-367 |
27 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-27 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-38730
Mitre link : CVE-2022-38730
CVE.ORG link : CVE-2022-38730
JSON object : View
Products Affected
docker
- desktop