Executive Summary

This vulnerability involves Docker Desktop diagnostics bundles including expired Hub Personal Access Tokens (PATs) in their log output due to error object serialization. This means that sensitive information, specifically expired authentication tokens, can be unintentionally exposed in exported diagnostic logs, especially when access denied errors occur.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to leakage of sensitive information such as expired Hub Personal Access Tokens in diagnostic logs. If these logs are exported or shared, it could expose authentication tokens that might be used to gain unauthorized access or compromise security, increasing the risk of information disclosure.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability poses a risk of leaking sensitive information through exported diagnostics bundles that include expired Hub PATs in log output. Such leakage of sensitive data could potentially impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information. However, specific compliance impacts are not detailed in the provided resources. [1]

Useful 0 Not Useful 0