What is CVE-2023-1802?

CVE-2023-1802 is a medium-severity vulnerability in Docker Desktop, classified under Cleartext Transmission of Sensitive Information. CVSS score: 5.9/10. Published 2023-04-06.

How severe is CVE-2023-1802?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Docker Desktop

CVE-2023-1802

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Onl…

EPSS: 0.002 (38.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Docker Desktop — versions 4.17.0

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

docs.docker.com/desktop/release-notes/ (release-notes)
github.com/docker/for-win/issues/13344 (issue-tracking)

Frequently asked questions

What is CVE-2023-1802?: CVE-2023-1802 is a medium-severity vulnerability in Docker Desktop, classified under Cleartext Transmission of Sensitive Information. CVSS score: 5.9/10. Published 2023-04-06.
How severe is CVE-2023-1802?: Medium severity. CVSS v3 base score is 5.9 out of 10.