Docker warns of a critical flaw affecting some versions of the Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
Tracked as CVE-2024-41110the bypass and elevation of privilege vulnerability has a CVSS score of 10.0, indicating maximum severity.
“An attacker could exploit a workaround by using an API request with a content-length set to 0, causing the Docker daemon to redirect the request without a body to the AuthZ plugin, which could validate the request incorrectly,” the Moby project said in an advisory.
Docker said the problem is a regression because the problem was originally discovered in 2018 and addressed in Docker Engine v18.09.1 in January 2019, but was never ported to later versions (19.03 and later).
The issue was resolved in versions 23.0.14 and 27.1.0 dated July 23, 2024, after the issue was discovered in April 2024. The following versions of Docker Engine are affected provided that AuthZ is used to make access control decisions –
- <= version 3/19/15
- <= v20.10.27
- <= v23.0.14
- <= v24.0.9
- <= v25.0.5
- <= v26.0.2
- <= v26.1.4
- <= v27.0.3 and
- <= v27.1.0
“Users of Docker Engine v19.03.x and later versions that do not rely on authorization plugins to make access control decisions, and users of all Mirantis Container Runtime versions are not vulnerable,” Gabriela Georgieva of Docker. said.
“Users of commercial Docker products and internal infrastructure that do not rely on AuthZ plugins are not affected.”
It also affects Docker Desktop prior to versions 4.32.0, although the company said the likelihood of use is limited and requires access to the Docker API, which requires an attacker to already have local access to the host. A fix is expected to be included in the next release (version 4.33).
“The default Docker Desktop configuration does not include the AuthZ plugin,” Georgieva noted. “Privilege elevation is limited to the Docker desktop (virtual machine), not the underlying host.”
Although Docker does not mention the use of CVE-2024-41110 in the wild, it is important that users apply their installations to the latest version to reduce potential threats.
Earlier this year, Docker moved to fix a set of duplicated flaws Leaky vessels which could allow an attacker to gain unauthorized access to the host’s file system and break out of the container.
“As the popularity of cloud services grows, so does the use of containers, which have become an integral part of cloud infrastructure,” Division 42 of Palo Alto Networks. said in a report released last week. “While containers offer many benefits, they are also susceptible to attack methods such as container escapes.”
“Containers, which share the same kernel and often lack complete isolation from the host’s user mode, are susceptible to a variety of techniques used by attackers seeking to gain access outside the container environment.”
