Skip to content

Commit

Permalink
2 changes (1 new | 1 updated):
Browse files Browse the repository at this point in the history 
      - 1 new CVEs:  CVE-2025-1696
      - 1 updated CVEs: CVE-2024-1635
  • Loading branch information
cvelistV5 Github Action committed Mar 6, 2025
1 parent 724e639 commit f8e5a48
Show file tree
Hide file tree
Showing 2 changed files with 143 additions and 3 deletions.
6 changes: 3 additions & 3 deletions cves/2024/1xxx/CVE-2024-1635.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "redhat",
"dateReserved": "2024-02-19T17:25:58.418Z",
"datePublished": "2024-02-19T21:23:14.496Z",
"dateUpdated": "2025-03-03T14:55:06.666Z"
"dateUpdated": "2025-03-06T12:15:38.972Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -259,7 +259,7 @@
"product": "Red Hat build of Apicurio Registry 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "undertow",
"defaultStatus": "affected",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:service_registry:2"
]
Expand Down Expand Up @@ -507,7 +507,7 @@
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2025-03-03T14:55:06.666Z"
"dateUpdated": "2025-03-06T12:15:38.972Z"
}
},
"adp": [
Expand Down
140 changes: 140 additions & 0 deletions cves/2025/1xxx/CVE-2025-1696.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,140 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-1696",
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"state": "PUBLISHED",
"assignerShortName": "Docker",
"dateReserved": "2025-02-25T16:19:49.992Z",
"datePublished": "2025-03-06T11:58:43.389Z",
"dateUpdated": "2025-03-06T11:58:43.389Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.39.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop proxy is configured with Basic HTTP authentication scheme"
}
],
"value": "Docker Desktop proxy is configured with Basic HTTP authentication scheme"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
}
],
"value": "A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker",
"dateUpdated": "2025-03-06T11:58:43.389Z"
},
"references": [
{
"url": "https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies"
},
{
"url": "https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Exposure of Proxy Credentials in Docker Desktop Logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}

0 comments on commit f8e5a48

Please sign in to comment.