docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change CVE links to point to the new cve.org site

This commit is contained in:
Gabriela Georgieva 2023-03-13 12:52:28 +01:00
parent 15002d26df
commit 61f3dbaf12
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
desktop/release-notes.md
View File

@ -104,8 +104,8 @@ For frequently asked questions about Docker Desktop releases, see [FAQs](faqs/ge
#### For all platforms
- Fixed [CVE-2023-0628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0628){: target="_blank" rel="noopener" class="_"}, which allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious `docker-desktop://` URL.
- Fixed [CVE-2023-0629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0629){: target="_blank" rel="noopener" class="_"}, which allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to `docker.raw.sock`, or `npipe:////.pipe/docker_engine_linux` on Windows, via the `-H` (`--host`) CLI flag or the `DOCKER_HOST` environment variable and launch containers without the additional hardening features provided by ECI. This does not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).
- Fixed [CVE-2023-0628](https://www.cve.org/cverecord?id=CVE-2023-0628){: target="_blank" rel="noopener" class="_"}, which allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious `docker-desktop://` URL.
- Fixed [CVE-2023-0629](https://www.cve.org/cverecord?id=CVE-2023-0629){: target="_blank" rel="noopener" class="_"}, which allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to `docker.raw.sock`, or `npipe:////.pipe/docker_engine_linux` on Windows, via the `-H` (`--host`) CLI flag or the `DOCKER_HOST` environment variable and launch containers without the additional hardening features provided by ECI. This does not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket).
## 4.16.3