How severe is CVE-2023-0629?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-0629?

This is classified as CWE-424, which is a common weakness in software security.

CVE-2023-0629 - HIGH Severity | CVSS 7.1

Vulnerability Description

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0.

Related Vulnerabilities

CVE-2024-3460

HIGH

CVSS:7.0(High)

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occur...

CWE-4242024

CVE-2022-1742

MEDIUM

CVSS:6.8(Medium)

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this...

CWE-4242022

CVE-2019-18997

HIGH

CVSS:7.5(High)

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier pot...

CWE-4242019

CVE-2024-8311

MEDIUM

CVSS:6.5(Medium)

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwri...

CWE-4242024

CVE-2019-18996

HIGH

CVSS:7.8(High)

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the loc...

CWE-4242019

CVE-2023-46176

HIGH

CVSS:7.8(High)

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.

CWE-4242023