Aggregates CVE and security vulnerability intelligence across all Docker-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk input validation, vendor risk cross-site scripting, and vendor risk file inclusion; exposure may include vendor impact session compromise in vendor surface image processing contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-38730 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition. | [email protected] | 6.3 | 0.38% | 2023-04-27 | 2025-01-31 |
| CVE-2022-37326 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | [email protected] | 7.8 | 0.14% | 2023-04-27 | 2025-01-31 |
| CVE-2022-34292 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | [email protected] | 7.1 | 0.15% | 2023-04-27 | 2025-01-31 |
| CVE-2022-31647 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | [email protected] | 7.1 | 0.15% | 2023-04-27 | 2025-01-31 |
| CVE-2023-1802 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. | [email protected] | 5.9 | 0.17% | 2023-04-06 | 2024-11-21 |
| CVE-2023-0629 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The | [email protected] | 7.1 | 0.07% | 2023-03-13 | 2024-11-21 |
| CVE-2023-0628 | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. | [email protected] | 6.1 | 0.18% | 2023-03-13 | 2024-11-21 |
| CVE-2021-44719 | Docker Desktop 4.3.0 has Incorrect Access Control. | [email protected] | 8.4 | 0.07% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26659 | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | [email protected] | 7.1 | 0.08% | 2022-03-25 | 2024-11-21 |
| CVE-2022-25365 | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | [email protected] | 7.8 | 1.41% | 2022-02-19 | 2024-11-21 |
| CVE-2022-23774 | Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | [email protected] | 5.3 | 0.24% | 2022-02-01 | 2024-11-21 |
| CVE-2021-45449 | Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. | [email protected] | 5.5 | 0.16% | 2022-01-12 | 2024-11-21 |
| CVE-2021-41092 | Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update | [email protected] | 5.4 | 0.06% | 2021-10-04 | 2024-11-21 |
| CVE-2021-37841 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. | [email protected] | 7.8 | 0.17% | 2021-08-12 | 2024-11-21 |
| CVE-2021-21285 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | [email protected] | 6.5 | 0.35% | 2021-02-02 | 2024-11-21 |
| CVE-2021-21284 | In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | [email protected] | 6.8 | 0.02% | 2021-02-02 | 2024-11-21 |
| CVE-2021-3162 | Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | [email protected] | 7.8 | 0.04% | 2021-01-15 | 2024-11-21 |
| CVE-2020-27534 | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | [email protected] | 5.3 | 0.77% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35197 | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. System using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.08% | 2020-12-17 | 2024-11-21 |
| CVE-2020-35196 | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | [email protected] | 9.8 | 2.01% | 2020-12-17 | 2024-11-21 |