Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » A critical flaw in Docker Engine allows attackers to bypass authorization plugins
Global Security

A critical flaw in Docker Engine allows attackers to bypass authorization plugins

AdminBy AdminJuly 25, 2024No Comments1 Min Read
Critical Docker Engine Flaw
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


July 25, 2024Information hallContainer Security / Vulnerability

A critical flaw in Docker Engine

Docker warns of a critical flaw affecting some versions of the Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.

Tracked as CVE-2024-41110the bypass and elevation of privilege vulnerability has a CVSS score of 10.0, indicating maximum severity.

“An attacker could exploit a workaround by using an API request with a content-length set to 0, causing the Docker daemon to redirect the request without a body to the AuthZ plugin, which could validate the request incorrectly,” the Moby project said in an advisory.

Docker said the problem is a regression because the problem was originally discovered in 2018 and addressed in Docker Engine v18.09.1 ​​in January 2019, but was never ported to later versions (19.03 and later).

Cyber ​​security

The issue was resolved in versions 23.0.14 and 27.1.0 dated July 23, 2024, after the issue was discovered in April 2024. The following versions of Docker Engine are affected provided that AuthZ is used to make access control decisions –

  • <= version 3/19/15
  • <= v20.10.27
  • <= v23.0.14
  • <= v24.0.9
  • <= v25.0.5
  • <= v26.0.2
  • <= v26.1.4
  • <= v27.0.3 and
  • <= v27.1.0

“Users of Docker Engine v19.03.x and later versions that do not rely on authorization plugins to make access control decisions, and users of all Mirantis Container Runtime versions are not vulnerable,” Gabriela Georgieva of Docker. said.

“Users of commercial Docker products and internal infrastructure that do not rely on AuthZ plugins are not affected.”

It also affects Docker Desktop prior to versions 4.32.0, although the company said the likelihood of use is limited and requires access to the Docker API, which requires an attacker to already have local access to the host. A fix is ​​expected to be included in the next release (version 4.33).

“The default Docker Desktop configuration does not include the AuthZ plugin,” Georgieva noted. “Privilege elevation is limited to the Docker desktop (virtual machine), not the underlying host.”

Although Docker does not mention the use of CVE-2024-41110 in the wild, it is important that users apply their installations to the latest version to reduce potential threats.

Earlier this year, Docker moved to fix a set of duplicated flaws Leaky vessels which could allow an attacker to gain unauthorized access to the host’s file system and break out of the container.

“As the popularity of cloud services grows, so does the use of containers, which have become an integral part of cloud infrastructure,” Division 42 of Palo Alto Networks. said in a report released last week. “While containers offer many benefits, they are also susceptible to attack methods such as container escapes.”

“Containers, which share the same kernel and often lack complete isolation from the host’s user mode, are susceptible to a variety of techniques used by attackers seeking to gain access outside the container environment.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025

FBI warns about expanded spider attacks on airline using social engineering

June 28, 2025

The new AI Facebook tool asks for upload your photos for plot ideas, causing privacy trouble

June 28, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025

FBI warns about expanded spider attacks on airline using social engineering

June 28, 2025

The new AI Facebook tool asks for upload your photos for plot ideas, causing privacy trouble

June 28, 2025

From the theft of the browser to the intelligence collection instrument

June 28, 2025

More than 1000 SOHO devices hacked in China associated with cyber-science associated with cyber

June 27, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.