Remote Code Execution (RCE) in Docker Desktop before 4.12.0 via Crafted Extension Description or Changelog

CVE-2023-0625 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Docker Desktop before 4.12.0 is vulnerable to remote code execution (RCE) via a crafted extension description or changelog. This issue affects Docker Desktop versions before 4.12.0.
