CVE-2024-5652 - Vulnerability Details - OpenCVE

In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Docker	Desktop

Configuration 1 [-]

cpe:2.3:a:docker:desktop:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://docs.docker.com/desktop/release-notes/#4310

History

No history.

MITRE

Status: PUBLISHED

Assigner: Docker

Published: 2024-07-09T17:07:08.691Z

Updated: 2024-08-01T21:18:06.518Z

Reserved: 2024-06-05T10:54:16.890Z

Link: CVE-2024-5652

Vulnrichment

Updated: 2024-08-01T21:18:06.518Z

NVD

Status : Modified

Published: 2024-07-09T17:15:48.770

Modified: 2024-11-21T09:48:05.750

Link: CVE-2024-5652

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5652", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2024-06-05T10:54:16.890Z", "datePublished": "2024-07-09T17:07:08.691Z", "dateUpdated": "2024-08-01T21:18:06.518Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Docker Desktop", "vendor": "Docker Inc.", "versions": [{"lessThan": "v4.31.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Docker Desktop not installed with the --no-windows-containers installer flag<br>"}], "value": "Docker Desktop not installed with the --no-windows-containers installer flag"}], "credits": [{"lang": "en", "type": "finder", "value": "Hashim Jawad ( @ihack4falafel)"}, {"lang": "en", "type": "finder", "value": "Trend Micro Zero Day Initiative"}], "datePublic": "2024-06-06T15:15:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Docker Desktop on Windows before v4.31.0 allows a user in the <code>docker-users</code> group to cause a Windows Denial-of-Service through the <code>exec-path</code> Docker daemon config option in Windows containers mode.<br>"}], "value": "In Docker Desktop on Windows before v4.31.0\u00a0allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2024-07-09T17:07:08.691Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.docker.com/desktop/release-notes/#4310"}], "source": {"discovery": "UNKNOWN"}, "title": "In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T18:59:59.468065Z", "id": "CVE-2024-5652", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T19:00:12.500Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.518Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.docker.com/desktop/release-notes/#4310"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4310", "tags": ["release-notes", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.518Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5652", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T18:59:59.468065Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T19:00:06.929Z"}}], "cna": {"title": "In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Hashim Jawad ( @ihack4falafel)"}, {"lang": "en", "type": "finder", "value": "Trend Micro Zero Day Initiative"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Docker Inc.", "product": "Docker Desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "v4.31.0", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2024-06-06T15:15:00.000Z", "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4310", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Docker Desktop on Windows before v4.31.0\u00a0allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode.", "supportingMedia": [{"type": "text/html", "value": "In Docker Desktop on Windows before v4.31.0 allows a user in the <code>docker-users</code> group to cause a Windows Denial-of-Service through the <code>exec-path</code> Docker daemon config option in Windows containers mode.<br>", "base64": false}]}], "configurations": [{"lang": "en", "value": "Docker Desktop not installed with the --no-windows-containers installer flag", "supportingMedia": [{"type": "text/html", "value": "Docker Desktop not installed with the --no-windows-containers installer flag<br>", "base64": false}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2024-07-09T17:07:08.691Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5652", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.518Z", "dateReserved": "2024-06-05T10:54:16.890Z", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "datePublished": "2024-07-09T17:07:08.691Z", "assignerShortName": "Docker"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:desktop:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C38D238E-A4DC-42FE-9707-6087C4EA6A9D", "versionEndExcluding": "4.31.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Docker Desktop on Windows before v4.31.0\u00a0allows a user in the docker-users\u00a0group to cause a Windows Denial-of-Service through the exec-path\u00a0Docker daemon config option in Windows containers mode."}, {"lang": "es", "value": "En Docker Desktop en Windows anterior a v4.31.0, se permite a un usuario del grupo docker-users provocar una denegaci\u00f3n de servicio de Windows a trav\u00e9s de la opci\u00f3n de configuraci\u00f3n del daemon Docker exec-path en el modo contenedores de Windows."}], "id": "CVE-2024-5652", "lastModified": "2024-11-21T09:48:05.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "security@docker.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-09T17:15:48.770", "references": [{"source": "security@docker.com", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4310"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4310"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}