Cache poisoning vulnerability in Docker Desktop - CVE-2024-24557
ID: oval:org.secpod.oval:def:97428 | Date: (C)2024-02-02 (M)2024-02-02 | Class: VULNERABILITY | Family: windows
The host is installed with Docker Desktop 4.19.0 before 4.27.1 and is prone to a cache poisoning vulnerability. A flaw is present in the application, which fails to properly handle the classic builder cache system of the Moby project. Successful exploitation allows an attacker to poison a user's build cache by getting the user to pull a specially crafted image that would be considered a valid cache candidate for some build steps.
Platform:
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 11
Product:
Docker CE
Docker Desktop EE