Docker Desktop DoS Vulnerability
Local exploit can cause denial of service
Executive Summary
A medium-severity vulnerability in Docker Desktop allows a local attacker to cause a denial of service. Organisations should assess their exposure and apply the necessary mitigations to prevent potential disruptions.
What Happened
CERT-Bund has issued an advisory regarding a vulnerability in Docker Desktop that can be exploited by a local attacker to cause a denial of service (DoS). The vulnerability has no assigned CVE but is rated medium severity because of its potential to disrupt services.
Operational and Compliance Impact
For EU organisations, especially those relying on Docker Desktop for container management, this vulnerability could lead to operational disruptions. Under NIS2/DORA, entities must ensure the resilience and availability of their services, making it crucial to address this vulnerability promptly to maintain compliance and operational integrity.
NIS2/DORA Obligations Triggered
Organisations must implement appropriate technical and organisational measures to manage risks posed to the security of network and information systems. This includes addressing vulnerabilities that could lead to service disruptions.
Affected Sectors
Recommended Immediate Actions
Assess the use of Docker Desktop within your organisation and implement mitigations to prevent potential DoS attacks. (Timeframe: immediate)
Monitor for updates or patches from Docker and apply them as soon as they become available. (Timeframe: short-term)