| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-5166 | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL | Docker Inc. | Docker Desktop | High | 8.0 | 2023-09-25 15:30:10 | Deep Dive |
| CVE-2023-5165 | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell | Docker Inc. | Docker Desktop | High | 7.1 | 2023-09-25 15:29:13 | Deep Dive |
| CVE-2023-1802 | In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed | Docker | Docker Desktop | Medium | 5.9 | 2023-04-06 08:52:20 | Deep Dive |
| CVE-2023-0629 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers | Docker Inc. | Docker Desktop | High | 7.1 | 2023-03-13 11:16:41 | Deep Dive |
| CVE-2023-0628 | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL | Docker Inc. | Docker Desktop | Medium | 6.1 | 2023-03-13 11:16:30 | Deep Dive |