Docker Desktop Fixes Container Breakout Vulnerability in v4.29.0
CVE-2024-6222

7 HIGH

Key Information:

Vendor
CVE Published:
9 July 2024

Badges

👾 Exploit Exists | 📰 News Worthy

What is CVE-2024-6222?

The first article discusses a vulnerability in Docker Desktop that allows an attacker to escape to the host from the Docker Desktop VM through a container breakout. The vulnerability has been fixed in version 4.29.0 with additional changes in version 4.31.0. The impact is medium and affects Linux, MacOS X, and Windows operating systems. Users are advised to update to the latest version of Docker Desktop to mitigate the risk.

The second article also addresses the same vulnerability in Docker and provides information on the affected operating systems and products. It emphasizes the importance of keeping the application up to date and provides links to further information on updates, patches, and workarounds. The severity of the vulnerability is medium, and it warns users to consult the listed sources for information on the latest software version and security patches.

Affected Version(s)

Docker Desktop Windows 0

News Articles

docker at risk: New security vulnerability! Flaw allows security measures to be bypassed

A current IT security warning has been issued for docker. Here you can find out which vulnerability is involved, which products are affected, and what you can do.

References

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by News.de

  • Vulnerability published

Credit

Billy Jheng Bing-Jhong
Đỗ Minh Tuấn
Muhammad Alifa Ramdhan
Trend Micro Zero Day Initiative