CVE-2024-8695

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*

History

13 Sep 2024, 16:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://docs.docker.com/desktop/release-notes/#4342 - () https://docs.docker.com/desktop/release-notes/#4342 - Release Notes
CPE cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad de ejecución de código remoto (RCE) a través de una descripción de extensión/registro de cambios manipulados podría ser aprovechada por una extensión maliciosa en Docker Desktop anterior a 4.34.2.
First Time Docker desktop
Docker
CWE NVD-CWE-noinfo

12 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-12 18:15

Updated : 2024-09-13 16:01


NVD link : CVE-2024-8695

Mitre link : CVE-2024-8695

CVE.ORG link : CVE-2024-8695


JSON object : View

Products Affected

docker

  • desktop
CWE
NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')