What the vulnerability does
01Description
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
CVE-2023-0625
HIGH
CVE-2023-0625: Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog
CVSS base score
8.0/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
September 25, 2023
CVE published
September 24, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging
CVE-2021-25055 FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
CVE-2023-45056 WordPress Open User Map | Everybody can add locations Plugin <= 1.3.26 is vulnerable to Cross Site Scripting (XSS)
CVE-2025-48377 Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode
CVE-2023-49847 WordPress Annual Archive Plugin <= 1.6.0 is vulnerable to Cross Site Scripting (XSS)
