CVE-2022-23774: 
Docker Desktop vulnerability analysis and mitigation

Docker Desktop before version 4.4.4 on Windows contains a vulnerability (CVE-2022-23774) that allows attackers to move arbitrary files. The vulnerability was discovered in early 2022 and was later found to have an incomplete fix, leading to CVE-2022-25365 (CVE Details).

The vulnerability has a CVSS score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). The specific flaw exists within the Docker Desktop Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (ZDI Advisory).

The vulnerability can be leveraged by attackers to create a denial-of-service condition on the system. The impact primarily affects the availability and integrity of the system, with the ability to move arbitrary files potentially disrupting system operations (ZDI Advisory).

Docker has issued an update to correct this vulnerability in version 4.4.4. However, the initial fix was incomplete, leading to CVE-2022-25365, which was subsequently addressed in Docker Desktop version 4.5.1 (Docker Release Notes).