CVE-2023-1802: 
Docker Desktop vulnerability analysis and mitigation

A vulnerability exists in Docker Desktop (CVE-2023-1802) that can lead to disclosure of sensitive information through targeted network sniffing. The vulnerability affects users who have Access Experimental Features enabled in Docker Desktop. The issue was discovered in version 4.17.1 and involves the leakage of container registry credentials (Docker Issue).

When the Access Experimental Features option is enabled in Docker Desktop, the application sends periodic HTTP GET requests to container registry endpoints (example: container.registry:5050/artifactory/api/system/ping) containing plaintext credentials in the Authorization header. This occurs particularly when accessing the Images section in the Docker Desktop interface after periods of inactivity (Docker Issue).

The vulnerability allows attackers to intercept plaintext credentials for private container registries through network sniffing. This exposure of authentication credentials could potentially lead to unauthorized access to private container repositories and sensitive container images (Docker Issue).

Users can mitigate this vulnerability by disabling the Access Experimental Features option in Docker Desktop settings until a patch is available. This prevents the application from sending the vulnerable HTTP requests that contain the credentials (Docker Issue).