VYPR
Unrated severityNVD Advisory· Published Apr 6, 2023· Updated Feb 10, 2025

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed

CVE-2023-1802

Description

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Docker/Desktopllm-fuzzy2 versions
    = 4.17.x+ 1 more
    • (no CPE)range: = 4.17.x
    • (no CPE)range: 4.17.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.