CVE-2023-0625 & CVE-2023-0626: Critical Docker Desktop RCE Bugs

In the era of containerization, Docker Desktop stands tall as a beacon of simplicity for developers. With its one-click-install mechanism and straightforward GUI, developers around the world have embraced Docker Desktop for crafting, running, and sharing containerized applications. However, as the saying goes, “With great power comes great responsibility.” However, it has recently been discovered that it contains three critical security vulnerabilities. These vulnerabilities could allow attackers to execute arbitrary code on a victim’s machine, escalate privileges, or bypass security restrictions.


1. CVE-2023-0625: Docker Desktop Remote Code Execution

  • Severity: Critical (CVSS score of 9.8)
  • Affected Versions: Docker Desktop before 4.12.0
  • Brief: A malicious actor could exploit Docker Desktop by inserting a crafted extension description or changelog. The CVE-2023-0625 vulnerability enables Remote Code Execution (RCE), granting unauthorized parties potential full control over the victim’s system.

2. CVE-2023-0626: Docker Desktop Remote Code Execution

  • Severity: Critical (CVSS score of 9.8)
  • Affected Versions: Docker Desktop before 4.12.0
  • Brief: Another avenue for attackers is by manipulating query parameters in the message-box route. The CVE-2023-0626 flaw also allows RCE, to turn a seemingly harmless message box into a digital trojan horse.

3. CVE-2023-0627: Docker Desktop Local Privilege Escalation

  • Severity: High (CVSS score of 7.8)
  • Affected Versions: Docker Desktop 4.11.x
  • Brief: An attacker, through IPC response spoofing, can bypass the `–no-windows-containers` flag. The CVE-2023-0627 vulnerability might lead to Local Privilege Escalation (LPE), further expanding the attacker’s foothold within the system.

As of now, Docker remains unaware of any active exploitation attempts regarding these vulnerabilities. However, the digital realm is ever-evolving. With critical flaws on popular software platforms like Docker Desktop, the door is left slightly ajar for potential cyber adversaries.

Given the severity of these vulnerabilities, especially the two with a CVSS score of 9.8, cybercriminals might be enticed to exploit them, paving the path for large-scale security incidents. Such flaws can be harnessed to create malicious botnets, unleash ransomware, or gain unauthorized access to confidential data.

For users and organizations that have integrated Docker Desktop into their workflow, immediate action is essential. The foremost step is updating to Docker Desktop 4.12.0 or the latest version. This simple update can significantly mitigate the threats posed by these vulnerabilities.

In addition to updating to the latest version of Docker Desktop, there are a number of other things you can do to protect yourself from these vulnerabilities:

  • Use a secure container registry. Store your container images in a secure container registry, such as Docker Hub or Amazon Elastic Container Registry (ECR).
  • Scan your images for vulnerabilities. Before deploying any container images, scan them for vulnerabilities using a tool such as Snyk or Clair.
  • Use least privilege. Only give your containers the permissions they need to run. Avoid running containers with root privileges.
  • Monitor your containers. Monitor your containers for suspicious activity using a tool such as Docker Swarm or Kubernetes.