Denial-of-Service Vulnerability in Docker Desktop for Windows
CVE-2024-5652

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 9 July 2024

Badges

📰 News Worthy

What is CVE-2024-5652?

A vulnerability in Docker Desktop for Windows versions prior to v4.31.0 allows a user in the docker-users group to abuse the exec-path configuration option of the Docker daemon. In Windows containers mode this can lead to a denial-of-service condition, potentially disrupting service availability and affecting workloads running in Docker.

Affected Version(s)

Docker Desktop Windows 0

News Articles

CVE-2024-5652 : DOCKER DESKTOP UP TO 4.30.X ON WINDOWS DAEMON DENIAL OF SERVICE - Cloud WAF

CVE-2024-5652 : In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by prophaze.com

  • Vulnerability published
