Remote Code Execution Vulnerability in Docker Desktop by Docker, Inc.
CVE-2024-8696

9.8CRITICAL

Key Information:

Vendor: Docker
Status: Desktop
Vendor: CVE Published:; 12 September 2024

What is CVE-2024-8696?

A vulnerability has been identified in Docker Desktop that enables remote code execution through a crafted extension’s publisher-url and additional-urls parameters. This flaw can be exploited by malicious extensions, allowing attackers to execute arbitrary code on affected systems. Users of Docker Desktop versions prior to 4.34.2 are strongly advised to update to the latest version to mitigate the risk associated with this vulnerability and secure their environments.

References

https://docs.docker.com/desktop/release-notes/#4342

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2024