Search In Site

Security Alerts

Title: 

RCE Vulnerabilities in Docker Desktop

Timestamp:

Friday Sep 13, 2024

Summary:

Docker Desktop, a popular application for containerized application development, has been found to contain critical security vulnerabilities that could allow attackers to execute arbitrary code on affected systems.

Vulnerabilities Details:

 • CVE-2024-8695

   CVSS Base Score: 9.0 - Critical : A vulnerability in Docker Desktop's handling of extension descriptions and changelogs could allow attackers to execute arbitrary code. 

• CVE-2024-8696

 CVSS Base Score: 8.9 - High : A vulnerability in Docker Desktop's handling of publisher-url/additional-urls could allow attackers to execute arbitrary code.

Affected Versions: • Docker Desktop before 4.34.2

 Fixed Version: • Docker Desktop 4.34.2 or later

Recommendations:

We recommended to upgrade the affected versions to the fixed versions at the earliest.

References:

click here