
{
"id": "CVE-2025-1696",
"sourceIdentifier": "security@docker.com",
"published": "2025-03-06T12:15:36.293",
"lastModified": "2025-03-06T12:15:36.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data\u2014potentially including sensitive details\u2014was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en Docker Desktop anterior a la versi\u00f3n 4.39.0 que podr\u00eda provocar la divulgaci\u00f3n involuntaria de informaci\u00f3n confidencial a trav\u00e9s de los registros de la aplicaci\u00f3n. En las versiones afectadas, los datos de configuraci\u00f3n del proxy (que podr\u00edan incluir detalles confidenciales) se escrib\u00edan en archivos de registro en texto plano cada vez que se realizaba una solicitud HTTP GET a trav\u00e9s de un proxy. Un atacante con acceso de lectura a estos registros podr\u00eda obtener la informaci\u00f3n del proxy y aprovecharla para realizar m\u00e1s ataques o para obtener acceso no autorizado. A partir de la versi\u00f3n 4.39.0, Docker Desktop ya no registra la cadena de proxy, lo que mitiga este riesgo."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@docker.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@docker.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies",
"source": "security@docker.com"
},
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs",
"source": "security@docker.com"
}
]
}