CVE-2023-1802 - Vulnerability Details - OpenCVE

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Docker	Desktop

Configuration 1 [-]

OR	cpe:2.3:a:docker:desktop:4.17.0:::::windows::
	cpe:2.3:a:docker:desktop:4.17.1:::::windows::

No data.

References

Link	Providers
https://docs.docker.com/desktop/release-notes/#4180
https://github.com/docker/for-win/issues/13344

History

Mon, 10 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Docker

Published: 2023-04-06T08:52:19.506Z

Updated: 2025-02-10T20:22:38.457Z

Reserved: 2023-04-03T10:20:15.739Z

Link: CVE-2023-1802

Vulnrichment

Updated: 2024-08-02T06:05:26.143Z

NVD

Status : Modified

Published: 2023-04-06T09:15:07.030

Modified: 2024-11-21T07:39:56.090

Link: CVE-2023-1802

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1802", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "state": "PUBLISHED", "assignerShortName": "Docker", "dateReserved": "2023-04-03T10:20:15.739Z", "datePublished": "2023-04-06T08:52:19.506Z", "dateUpdated": "2025-02-10T20:22:38.457Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Artifactory Integration"], "platforms": ["Windows", "MacOS", "Linux"], "product": "Docker Desktop", "vendor": "Docker", "versions": [{"lessThan": "4.18.0", "status": "affected", "version": "4.17.0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected. "}], "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u00a0"}], "datePublic": "2023-04-05T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. <span style=\"background-color: rgb(255, 255, 255);\">A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. </span><br>"}], "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"}], "impacts": [{"capecId": "CAPEC-158", "descriptions": [{"lang": "en", "value": "CAPEC-158 Sniffing Network Traffic"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2023-04-06T08:52:19.506Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"tags": ["issue-tracking"], "url": "https://github.com/docker/for-win/issues/13344"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Update Docker Desktop to version 4.18.0<br>"}], "value": " Update Docker Desktop to version 4.18.0\n"}], "source": {"discovery": "EXTERNAL"}, "title": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Disable the Access Experimental Features option from the setting panel "}], "value": "Disable the Access Experimental Features option from the setting panel\u00a0"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:26.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://github.com/docker/for-win/issues/13344"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T20:22:34.966354Z", "id": "CVE-2023-1802", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T20:22:38.457Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4180", "tags": ["release-notes", "x_transferred"]}, {"url": "https://github.com/docker/for-win/issues/13344", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:26.143Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1802", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-10T20:22:34.966354Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T20:22:21.284Z"}}], "cna": {"title": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-158", "descriptions": [{"lang": "en", "value": "CAPEC-158 Sniffing Network Traffic"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Docker", "modules": ["Artifactory Integration"], "product": "Docker Desktop", "versions": [{"status": "affected", "version": "4.17.0", "lessThan": "4.18.0", "versionType": "semver"}], "platforms": ["Windows", "MacOS", "Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": " Update Docker Desktop to version 4.18.0\n", "supportingMedia": [{"type": "text/html", "value": " Update Docker Desktop to version 4.18.0<br>", "base64": false}]}], "datePublic": "2023-04-05T17:00:00.000Z", "references": [{"url": "https://docs.docker.com/desktop/release-notes/#4180", "tags": ["release-notes"]}, {"url": "https://github.com/docker/for-win/issues/13344", "tags": ["issue-tracking"]}], "workarounds": [{"lang": "en", "value": "Disable the Access Experimental Features option from the setting panel\u00a0", "supportingMedia": [{"type": "text/html", "value": "Disable the Access Experimental Features option from the setting panel ", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n", "supportingMedia": [{"type": "text/html", "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. <span style=\"background-color: rgb(255, 255, 255);\">A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. </span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "configurations": [{"lang": "en", "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected.\u00a0", "supportingMedia": [{"type": "text/html", "value": "Only users who have the option Access Experimental Features enabled and have logged in to a private registry are affected. ", "base64": false}]}], "providerMetadata": {"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "shortName": "Docker", "dateUpdated": "2023-04-06T08:52:19.506Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1802", "state": "PUBLISHED", "dateUpdated": "2025-02-10T20:22:38.457Z", "dateReserved": "2023-04-03T10:20:15.739Z", "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e", "datePublished": "2023-04-06T08:52:19.506Z", "assignerShortName": "Docker"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:desktop:4.17.0:*:*:*:*:windows:*:*", "matchCriteriaId": "D7217294-76FA-466D-A46E-85076F041746", "vulnerable": true}, {"criteria": "cpe:2.3:a:docker:desktop:4.17.1:*:*:*:*:windows:*:*", "matchCriteriaId": "DBBD80F7-7DA0-4B5C-A384-C817C777F585", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed.\u00a0A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. \n"}], "id": "CVE-2023-1802", "lastModified": "2024-11-21T07:39:56.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@docker.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-06T09:15:07.030", "references": [{"source": "security@docker.com", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"source": "security@docker.com", "tags": ["Exploit"], "url": "https://github.com/docker/for-win/issues/13344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.docker.com/desktop/release-notes/#4180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/docker/for-win/issues/13344"}], "sourceIdentifier": "security@docker.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security@docker.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}