7.5
CVE-2025-13743
- EPSS 0.03%
- Veröffentlicht 09.12.2025 20:39:52
- Zuletzt bearbeitet 30.01.2026 19:35:24
- Quelle security@docker.com
- CVE-Watchlists
- Unerledigt
Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Docker ≫ Docker Desktop Version >= 4.51.0 < 4.54.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.08 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@docker.com | 2.4 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.