Description
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://docs.docker.com/desktop/windows/release-notes/
Scores
CVSS v3
5.5
EPSS
0.0016
EPSS Percentile
36.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (2)
docker/docker_desktop
4.3.0
docker/docker_desktop
4.3.1
Published
Jan 12, 2022
Tracked Since
Feb 18, 2026