Title:
RCE Vulnerabilities in Docker Desktop
Timestamp:
Friday Sep 13, 2024
Summary:
Docker Desktop, a popular application for containerized application development, has been found to contain critical security vulnerabilities that could allow attackers to execute arbitrary code on affected systems.
Vulnerability Details:
• CVE-2024-8695
CVSS Base Score: 9.0 - Critical: A vulnerability in Docker Desktop's handling of extension descriptions and changelogs could allow attackers to execute arbitrary code.
• CVE-2024-8696
CVSS Base Score: 8.9 - High: A vulnerability in Docker Desktop's handling of publisher-url/additional-urls could allow attackers to execute arbitrary code.
Affected Versions:
• Docker Desktop before 4.34.2
Fixed Version:
• Docker Desktop 4.34.2 or later
Recommendations:
We recommend upgrading affected versions to the fixed version at the earliest opportunity.
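One way to triage hosts against the fixed version, as an added example that is not part of the original advisory. It assumes Docker Desktop identifies itself on the "Server:" line of `docker version` output; the host names and command output below are constructed.

```python
import re

FIXED = (4, 34, 2)  # fixed version stated in the advisory

# Assumption: Docker Desktop reports itself as "Server: Docker Desktop X.Y.Z (build)".
SERVER_LINE = re.compile(
    r"^\s*Server:\s*Docker Desktop\s+(\d+)\.(\d+)\.(\d+)\b", re.MULTILINE
)


def desktop_version(docker_version_output):
    """Return (major, minor, patch), or None if the output is not from Docker Desktop."""
    m = SERVER_LINE.search(docker_version_output)
    return tuple(int(part) for part in m.groups()) if m else None


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'not-desktop'."""
    result = {}
    for host, output in inventory.items():
        version = desktop_version(output)
        if version is None:
            result[host] = "not-desktop"
        else:
            # Tuples compare numerically, so 4.9.0 sorts below 4.34.2;
            # a plain string comparison would get that case wrong.
            result[host] = "affected" if version < FIXED else "fixed"
    return result


# Constructed sample: `docker version` output collected per host.
SAMPLE = {
    "dev-laptop-01": "Client:\n Version: 27.1.1\n\nServer: Docker Desktop 4.33.1 (000000)\n Engine:\n",
    "dev-laptop-02": "Client:\n Version: 27.2.0\n\nServer: Docker Desktop 4.34.2 (000000)\n Engine:\n",
    "dev-laptop-03": "Client:\n Version: 24.0.0\n\nServer: Docker Desktop 4.9.0 (000000)\n Engine:\n",
    "build-srv-01": "Client:\n Version: 27.2.0\n\nServer: Docker Engine - Community\n Engine:\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```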