{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T11:07:00.780","vulnerabilities":[{"cve":{"id":"CVE-2023-5165","sourceIdentifier":"security@docker.com","published":"2023-09-25T16:15:15.773","lastModified":"2024-11-21T08:41:12.893","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n"},{"lang":"es","value":"Docker Desktop anterior a 4.23.0 permite a un usuario sin privilegios evitar las restricciones de Enhanced Container Isolation (ECI) a través del shell de depuración, al que permanece accesible durante un breve período de tiempo después de iniciar Docker Desktop. La funcionalidad afectada está disponible solo para clientes de Docker Business y asume un entorno donde los usuarios no reciben privilegios de administrador o root local. Este problema se solucionó en Docker Desktop 4.23.0. Versiones de Docker Desktop afectadas: desde 4.13.0 anterior a 4.23.0."}],"metrics":{"cvssMetricV31":[{"source":"security@docker.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"security@docker.com","type":"Secondary","description":[{"lang":"en","value":"CWE-424"},{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.23.0","matchCriteriaId":"B958322D-1E03-46F3-9AFA-0467DE4DC4EC"}]}]}],"references":[{"url":"https://docs.docker.com/desktop/release-notes/#4230","source":"security@docker.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.docker.com/desktop/release-notes/#4230","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}