File Manipulation Vulnerability in Docker Desktop on Windows
CVE-2022-23774

5.3MEDIUM

Key Information:

Vendor: Docker
Status: Docker Desktop
Vendor: CVE Published:; 1 February 2022

What is CVE-2022-23774?

A vulnerability exists in Docker Desktop for Windows versions prior to 4.4.4 that allows attackers to exploit insufficient restrictions on file access. This enables unauthorized movement of arbitrary files within the affected system, potentially leading to further exploitation and data compromise. Users are urged to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

https://docs.docker.com/docker-for-windows/release-notes/

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2022
Vulnerability Reserved
Jan 20, 2022