Docker Desktop Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability in Docker Desktop prior to version 4.39.0 allows for the unintended disclosure of sensitive information through application logs. When an HTTP GET request is made via a proxy, the proxy configuration data, which may contain sensitive details, is logged in clear text. An attacker with access to these logs could extract the proxy information and use it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, mitigating this risk.

Impact

Exploitation of this vulnerability could lead to unauthorized access or further attacks using extracted proxy information.

Remediation

Users can update to Docker Desktop version 4.39.0 or later, where this vulnerability has been addressed.
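
An added example (not from the advisory or from Docker): a Python check for logs written by versions before 4.39.0 that flags and redacts URL-style strings carrying embedded credentials. It assumes the proxy string was logged in the form scheme://user:password@host:port, which the advisory does not specify; the function names and the sample lines are constructed for illustration.

```python
import re

# URL-shaped tokens. The scheme list is an assumption about how a proxy
# string might appear; the advisory does not give the logged format.
URL_RE = re.compile(r"(?P<scheme>https?|socks5h?)://(?P<rest>[^\s\"'<>]+)", re.I)


def redact_url(match):
    """Replace the userinfo part of one URL match, if it has one."""
    rest = match.group("rest")
    # The authority ends at the first '/', '?' or '#'.
    cut = len(rest)
    for sep in "/?#":
        pos = rest.find(sep)
        if pos != -1:
            cut = min(cut, pos)
    authority, tail = rest[:cut], rest[cut:]
    # rpartition copes with an unencoded '@' inside the password.
    _, at, hostport = authority.rpartition("@")
    if not at:
        return match.group(0)  # no credentials: leave the URL untouched
    return f"{match.group('scheme')}://[REDACTED]@{hostport}{tail}"


def scan_log(lines):
    """Return (line numbers that held credentials, redacted copy of lines)."""
    findings, cleaned = [], []
    for number, line in enumerate(lines, start=1):
        new_line = URL_RE.sub(redact_url, line)
        if new_line != line:
            findings.append(number)
        cleaned.append(new_line)
    return findings, cleaned


# Constructed sample lines, not real Docker Desktop output.
SAMPLE = [
    "2025-03-01T10:00:00Z [proxy] GET https://registry.example/v2/ via http://svc-user:S3cr3t@proxy.corp.example:3128",
    "2025-03-01T10:00:01Z [proxy] GET https://registry.example/v2/ via http://proxy.corp.example:3128",
    "2025-03-01T10:00:02Z [proxy] dial socks5://build:p@ss@10.0.0.5:1080/ failed",
]

if __name__ == "__main__":
    hits, out = scan_log(SAMPLE)
    print("lines with embedded proxy credentials:", hits)
    print("\n".join(out))
```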

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.