CVE-2024-6222

Published 09/07/2024 18:15 · Modified 09/07/2024 18:18

Labels: CVE-2024-6222, 2024-07-09, CWE-923, [email protected]

Essential information

Published: 09/07/2024 18:15
Modified: 09/07/2024 18:18
Author
Creator
CISA KEV: No
CWE

Description

In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard-related IPC messages. Docker Desktop v4.29.0 (https://docs.docker.com/desktop/release-notes/#4290) fixes the issue on macOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 (https://docs.docker.com/desktop/release-notes/#4310) additionally changes the default configuration to enable this setting by default.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]