Docker Desktop Expired Hub Personal Access Token Leakage in Diagnostics Bundles

Vulnerability

A vulnerability exists in Docker Desktop where diagnostics bundles include expired Hub personal access tokens (PATs) in the log output. The tokens reach the logs through the serialization of error objects, which discloses sensitive information in exported diagnostics. The problem is particularly pronounced when access denied errors are encountered.

Impact

The inclusion of expired personal access tokens in diagnostics logs creates a risk of leaking sensitive information, which could be exploited if the tokens were still valid.
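A pre-sharing check for the leak described above, as an added example (not Docker's code): it scans a diagnostics bundle for PAT-shaped strings and writes a redacted copy. It assumes the bundle is a zip archive of text logs and that Hub PATs carry the `dckr_pat_` prefix; the member names and the serialized error line are constructed.

```python
import io
import re
import zipfile

# Assumption: Docker Hub PATs start with "dckr_pat_" followed by URL-safe characters.
PAT_RE = re.compile(rb"dckr_pat_[A-Za-z0-9_-]{20,}")
REDACTED = b"dckr_pat_[REDACTED]"


def scan_bundle(bundle_bytes):
    """Return sorted (member, line_no) pairs for each line holding a PAT-shaped string."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as zf:
        for name in zf.namelist():
            for line_no, line in enumerate(zf.read(name).splitlines(), start=1):
                if PAT_RE.search(line):
                    hits.append((name, line_no))
    return sorted(hits)


def redact_bundle(bundle_bytes):
    """Return a copy of the bundle with every PAT-shaped string replaced."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            dst.writestr(info, PAT_RE.sub(REDACTED, src.read(info.filename)))
    return out.getvalue()


def build_sample_bundle():
    """Constructed sample: two log files, one with a serialized access-denied error."""
    token = b"dckr_pat_" + b"A" * 27  # constructed placeholder, not a real token
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("logs/backend.log",
                    b"starting\n"
                    b'error: access denied {"auth":{"password":"' + token + b'"}}\n')
        zf.writestr("logs/vm.log", b"boot ok\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_bundle()
    print(scan_bundle(sample))                 # lines that would leak a token
    print(scan_bundle(redact_bundle(sample)))  # empty once redacted
```

Any hit means the bundle should be redacted before it leaves the machine, and the matching token should be confirmed as revoked in Hub.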

Added: Dec 9, 2025, 9:42 PM
Updated: Dec 9, 2025, 9:42 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.