CVE-2023-40453 Information

Description

Docker Machine through 0.16.2 allows an attacker who has control of a worker node to provide crafted version data which might potentially trick an administrator into performing an unsafe action (via escape sequence injection) or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
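The two failure modes in the description (terminal escape sequences and oversized version data) can both be handled at the point where a client reads a version string from a node it does not trust. The following Go sketch is an added example, not code from Docker Machine or its maintainers; the function names, the 256-byte cap and the sample input are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
	"unicode"
)

// maxVersionBytes is an assumed cap; a genuine version string is far shorter.
const maxVersionBytes = 256

var ErrVersionTooLarge = errors.New("version data exceeds size limit")

// ReadVersion reads version data from an untrusted node under a hard size
// limit, then makes it safe to print on an administrator's terminal.
func ReadVersion(r io.Reader) (string, error) {
	// Read one byte past the cap so oversized input is rejected, not silently truncated.
	buf, err := io.ReadAll(io.LimitReader(r, maxVersionBytes+1))
	if err != nil {
		return "", err
	}
	if len(buf) > maxVersionBytes {
		return "", ErrVersionTooLarge
	}
	return Neutralize(strings.TrimSpace(string(buf))), nil
}

// Neutralize replaces control characters (ESC, BEL, CR, C1 controls) and
// invalid UTF-8 with visible escapes so the terminal never interprets them.
func Neutralize(s string) string {
	var b strings.Builder
	for _, r := range s {
		if r == unicode.ReplacementChar || unicode.IsControl(r) {
			fmt.Fprintf(&b, "\\x%02x", r)
			continue
		}
		b.WriteRune(r)
	}
	return b.String()
}

func main() {
	// Constructed sample: a version string carrying ANSI clear-screen and cursor-home sequences.
	crafted := "20.10.7\x1b[2J\x1b[Hspoofed status line\n"
	v, err := ReadVersion(strings.NewReader(crafted))
	fmt.Printf("%q %v\n", v, err)
}
```

Rejecting oversized input outright, rather than truncating it, keeps a hostile node from having a partial value accepted as a valid version.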

Reference

https://vin01.github.io/piptagole/docker/security/gitlab/docker-machine/2023/07/07/docker-machine-attack-surface.html
https://hackerone.com/reports/1916285
https://github.com/docker/machine/releases
