Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization

Summary: A recently discovered vulnerability in Docker Desktop for macOS could allow unauthorized access to harmful container images, raising concerns for developers and security experts. The issue, related to the application of Registry Access Management (RAM) policies, could enable users to bypass restrictions and pull images from unapproved sources. Organizations are advised to upgrade to Docker Desktop 4.41.0 or later and reinforce security practices to mitigate risks.

Affected: Docker Desktop for macOS

Key points:

  • The flaw arises when sign-in is enforced via macOS configuration profiles, compromising RAM policies.
  • Developers can access any Docker registry, increasing exposure to supply chain attacks.
  • Assigned a CVSS score of 4.3 (Medium), indicating a significant risk for organizations relying on Docker.
  • Recommended actions include upgrading to version 4.41.0, auditing settings, and educating teams on trusted sources.
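
The audit step can be run as a fleet triage. The sketch below is an added example, not code from Docker or from the source article: it flags macOS hosts that are below 4.41.0 and have sign-in enforced by a configuration profile. The inventory field names, status labels and sample records are hypothetical and constructed for illustration.

```python
import re

FIXED_VERSION = (4, 41, 0)  # first fixed Docker Desktop release named in the summary


def parse_version(text):
    """Parse '4.40.0' or '4.41' into a tuple so 4.9.1 sorts below 4.41.0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None  # missing or unparseable version
    return tuple(int(g or 0) for g in m.groups())


def classify(host):
    """Return 'exposed', 'outdated', 'review' or 'ok' for one inventory record."""
    if host.get("os") != "macos":
        return "ok"  # the issue is specific to Docker Desktop for macOS
    version = parse_version(host.get("docker_desktop_version"))
    if version is None:
        return "review"  # cannot decide without a version: check by hand
    if version >= FIXED_VERSION:
        return "ok"
    # Below the fix: the RAM bypass applies when sign-in is enforced through
    # a macOS configuration profile; other hosts still need the upgrade.
    if host.get("signin_enforcement") == "config_profile":
        return "exposed"
    return "outdated"


def triage(inventory):
    """Group hostnames by status, leaving out hosts that need no action."""
    result = {"exposed": [], "outdated": [], "review": []}
    for host in inventory:
        status = classify(host)
        if status != "ok":
            result[status].append(host["name"])
    return result


# Constructed sample inventory (hypothetical hosts and field names).
SAMPLE = [
    {"name": "mac-01", "os": "macos", "docker_desktop_version": "4.40.0", "signin_enforcement": "config_profile"},
    {"name": "mac-02", "os": "macos", "docker_desktop_version": "4.41.0", "signin_enforcement": "config_profile"},
    {"name": "mac-03", "os": "macos", "docker_desktop_version": "4.9.1", "signin_enforcement": "other"},
    {"name": "mac-04", "os": "macos", "docker_desktop_version": None, "signin_enforcement": "config_profile"},
    {"name": "win-01", "os": "windows", "docker_desktop_version": "4.38.0", "signin_enforcement": "other"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Versions are compared as integer tuples because a plain string comparison would rank 4.9.1 above 4.41.0 and miss an outdated host.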

Source: https://gbhackers.com/docker-registry-vulnerability/