Docker Desktop Enhanced Container Isolation Bypass Vulnerability Allowing Unauthorized Access to Docker Engine API

Vulnerability

A vulnerability in Docker Desktop allows local Linux containers to access the Docker Engine API over the default Docker subnet. This issue exists with or without Enhanced Container Isolation (ECI) enabled, and regardless of the 'Expose daemon on tcp://localhost:2375 without TLS' option. The vulnerability enables execution of privileged commands via the Engine API, such as managing containers and images. In some cases, it also allows mounting host drives with user-level privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of Docker containers and images, and in some cases, allow access to the host file system with elevated privileges.

Reproduction

The vulnerability can be reproduced by running a local Linux container on Docker Desktop that accesses the Docker Engine API over the default subnet. This can be done regardless of the Enhanced Container Isolation setting or the 'Expose daemon on tcp://localhost:2375 without TLS' option.

Remediation

Users can update to Docker Desktop version 4.44.3 or later, where this vulnerability has been fixed.
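A practitioner triaging this advisory mostly wants to know whether a given Docker Desktop install is at or past the fixed release. The following is an added example, not code from the advisory or from Docker: it pulls the Docker Desktop version out of `docker version` output and compares it numerically (not as a string, so 4.44.10 is correctly treated as later than 4.44.3) against the fixed version named above. The sample output lines are constructed for the example; the "Docker Desktop X.Y.Z" line format is an assumption about how the CLI reports the Desktop version.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed release according to the advisory: 4.44.3 or later is not affected.
FIXED_VERSION: Tuple[int, int, int] = (4, 44, 3)

# Assumption: `docker version` output contains a line like
# "Server: Docker Desktop 4.44.2 (184744)". Engine-only installs
# (no "Docker Desktop" string) are reported as unknown, not vulnerable.
_DESKTOP_RE = re.compile(r"Docker Desktop\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return the Docker Desktop version as an int tuple, or None if absent."""
    m = _DESKTOP_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """Tuple comparison gives numeric ordering per component."""
    return version < FIXED_VERSION


def assess(docker_version_output: str) -> str:
    """Classify a `docker version` transcript as vulnerable / fixed / unknown."""
    version = parse_version(docker_version_output)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "fixed"


def assess_local_install() -> str:
    """Run the real docker CLI if present; otherwise report unknown."""
    try:
        proc = subprocess.run(["docker", "version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return "unknown"
    return assess(proc.stdout)


# Constructed sample transcripts (not real captures) covering the cases
# a fleet check has to get right.
SAMPLES = {
    "older_patch": "Server: Docker Desktop 4.44.2 (184744)",
    "fixed_exact": "Server: Docker Desktop 4.44.3 (184800)",
    "later_patch": "Server: Docker Desktop 4.44.10 (185000)",
    "later_minor": "Server: Docker Desktop 4.45.0 (186000)",
    "engine_only": "Server: Docker Engine - Community\n Version: 27.1.1",
}


def assess_samples() -> dict:
    return {name: assess(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in assess_samples().items():
        print(f"{name:12s} {verdict}")
    print("local install:", assess_local_install())
```

Run it on a host to get a verdict for the local install; in a fleet inventory, feed each machine's `docker version` transcript to `assess()` instead. The "unknown" result is deliberate: a parser that silently reports "fixed" when it cannot find a version is the failure mode to avoid in a remediation check.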

Added: Aug 20, 2025, 2:22 PM
Updated: Aug 20, 2025, 2:42 PM

Vulnerability Rating

Custom Algorithm

spread          6.6
impact          7.5
exploitability  3.6
remediation     7.7
relevance       0.4
threat          1.6
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.