CVE-2024-8696

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*

History

13 Sep 2024, 16:01

Type Values Removed Values Added
CWE NVD-CWE-noinfo
Summary
  • (es) Una vulnerabilidad de ejecución de código remoto (RCE) a través de la extensión manipulada publisher-url/additional-urls podría ser aprovechada por una extensión maliciosa en Docker Desktop anterior a 4.34.2.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Docker desktop
Docker
CPE cpe:2.3:a:docker:desktop:*:*:*:*:*:*:*:*
References () https://docs.docker.com/desktop/release-notes/#4342 - () https://docs.docker.com/desktop/release-notes/#4342 - Release Notes

12 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-12 18:15

Updated : 2024-09-13 16:01


NVD link : CVE-2024-8696

Mitre link : CVE-2024-8696

CVE.ORG link : CVE-2024-8696


JSON object : View

Products Affected

docker

  • desktop
CWE
NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')