Логотип exploitDog
bind:CVE-2025-6587
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2025-6587

Количество 3

Количество 3

nvd логотип

CVE-2025-6587

около 2 месяцев назад

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

EPSS: Низкий
github логотип

GHSA-qj23-w8jm-w8wv

около 2 месяцев назад

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

EPSS: Низкий
fstec логотип

BDU:2025-09069

около 2 месяцев назад

Уязвимость диагностических журналов платформы для разработки и доставки контейнерных приложений Docker Desktop, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 6.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2025-6587

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

0%
Низкий
около 2 месяцев назад
github логотип
GHSA-qj23-w8jm-w8wv

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

0%
Низкий
около 2 месяцев назад
fstec логотип
BDU:2025-09069

Уязвимость диагностических журналов платформы для разработки и доставки контейнерных приложений Docker Desktop, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 6.5
0%
Низкий
около 2 месяцев назад

Уязвимостей на страницу