Escape Sequence Injection Vulnerability in Docker Machine by Docker
CVE-2023-40453

6.5 MEDIUM

Key Information:

Vendor: Docker

Status
Vendor
CVE Published: 7 November 2023

What is CVE-2023-40453?

An escape sequence injection vulnerability exists in Docker Machine prior to version 0.16.2. An attacker with control of a worker node can manipulate version data. Such an attack could mislead an administrator into performing unsafe actions or trigger a denial of service on a bastion node due to excessive data size. This vulnerability affects only unsupported versions of the product, so users should keep their software updated and supported.
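
One way a management tool can guard against both effects described above, as an added Go example (not Docker Machine's code or its fix): read only a bounded amount of the node-reported version and render every non-printable byte as visible text before it reaches the operator's terminal. `ReadVersion`, `maxVersionBytes` and the 64-byte cap are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
)

// maxVersionBytes is an assumed cap; genuine version strings are far shorter.
const maxVersionBytes = 64

// ReadVersion reads a version string reported by an untrusted node from r
// (hypothetical source: command output or an API response body) and returns a
// form that is safe to print on a terminal. altered is true when bytes were
// escaped or the input exceeded the cap, so the caller can warn the operator.
func ReadVersion(r io.Reader) (version string, altered bool, err error) {
	// Read at most cap+1 bytes so an oversized reply is never buffered in full.
	buf, err := io.ReadAll(io.LimitReader(r, maxVersionBytes+1))
	if err != nil {
		return "", false, err
	}
	if len(buf) > maxVersionBytes {
		buf, altered = buf[:maxVersionBytes], true
	}
	var b strings.Builder
	for _, c := range bytes.TrimSpace(buf) {
		if c >= 0x20 && c <= 0x7e && c != '\\' {
			b.WriteByte(c) // printable ASCII passes through unchanged
			continue
		}
		// ESC, BEL, CR, C1 controls, non-ASCII bytes and backslash are
		// written as visible \xNN text instead of being interpreted.
		fmt.Fprintf(&b, "\\x%02x", c)
		altered = true
	}
	return b.String(), altered, nil
}

func main() {
	// Constructed sample: a version reply carrying a clear-screen sequence.
	v, altered, _ := ReadVersion(strings.NewReader("24.0.7\x1b[2J\x1b[H\n"))
	fmt.Printf("version=%s altered=%v\n", v, altered)
}
```
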

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
