{"api_version":"1","generated_at":"2026-04-22T23:31:07+00:00","cve":"CVE-2023-5165","urls":{"html":"https://cve.report/CVE-2023-5165","api":"https://cve.report/api/cve/CVE-2023-5165.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-5165","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-5165"},"summary":{"title":"CVE-2023-5165","description":"Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.","state":"PUBLIC","assigner":"security@docker.com","published_at":"2023-09-25 16:15:00","updated_at":"2023-09-26 15:50:00"},"problem_types":["CWE-862"],"metrics":[],"references":[{"url":"https://docs.docker.com/desktop/release-notes/#4230","name":"https://docs.docker.com/desktop/release-notes/#4230","refsource":"MISC","tags":[],"title":"Docker Desktop release notes | Docker Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-5165","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5165","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"5165","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"docker","cpe5":"docker_desktop","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-5165","qid":"379080","title":"Docker Desktop Bypass Enhanced Container Isolation (ECI) Vulnerability (4230)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-5165","ASSIGNER":"security@docker.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization","cweId":"CWE-862"}]},{"description":[{"lang":"eng","value":"CWE-424: Improper Protection of Alternate Path","cweId":"CWE-424"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Docker Inc.","product":{"product_data":[{"product_name":"Docker Desktop","version":{"version_data":[{"version_affected":"<","version_name":"4.13.0","version_value":"4.23.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://docs.docker.com/desktop/release-notes/#4230","refsource":"MISC","name":"https://docs.docker.com/desktop/release-notes/#4230"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"EXTERNAL"},"configuration":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Enhanced Container Isolation enabled (only available for Docker Business users)"}],"value":"Enhanced Container Isolation enabled (only available for Docker Business users)"}],"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to version 4.23.0"}],"value":"Update to version 4.23.0"}],"credits":[{"lang":"en","value":"L. Kofler"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-09-25 16:15:00","lastModifiedDate":"2023-09-26 15:50:00","problem_types":["CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2,"impactScore":6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.23.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}