Docker has warned of a critical vulnerability in some versions of Docker Engine that allows attackers to bypass authorization plugins (AuthZ). The vulnerability, identified as CVE-2024-41110, has the highest possible CVSS score of 10.0.
Developers of the Moby project stated, “An attacker can exploit a bypass using API-Length API, allowing them to send a request without a body to the Authz plugin, which could result in an incorrect approval of the request.”
The issue was initially discovered in 2018 and addressed in Docker Engine v18.09.1 in January 2019. However, the fix was not carried over to subsequent versions (19.03 and above). After the vulnerability was rediscovered in April this year, patches (23.0.14 and 27.1.0) were released in July to rectify the issue.
Docker noted that users of Docker Engine v19.03.x and newer versions who do not rely on authorization plugins for access management decisions, as well as users of all versions of Mirantis Container Runtime, are not affected by the vulnerability.
The vulnerability also impacts Docker Desktop up to version 4.32.0. Exploitation requires access to the Docker API, which means an attacker needs local access to the host. The upcoming release (version 4.33) will address this issue.
“The Docker Desktop configuration does not activate Authz plugins by default,” stated Docker representatives. “Privilege escalation is restricted to the Docker Desktop virtual machine and not the underlying host.”
Although actual attacks leveraging CVE-2024-41110 have not been reported, users are strongly advised to update to the latest version to mitigate potential risks.
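Because only daemons that rely on authorization plugins are exposed, a first triage step is to find which hosts actually load one. The following is an added example, not code from Docker or from the original article: it reads the `authorization-plugins` key of daemon.json and the `--authorization-plugin` flag of dockerd, and the host names, plugin names and inventory are constructed.

```python
import json
import shlex


def authz_plugins(daemon_json: str, dockerd_cmdline: str) -> list:
    """List AuthZ plugins enabled via daemon.json or dockerd flags."""
    found = set()
    if daemon_json.strip():
        cfg = json.loads(daemon_json)  # ValueError on a malformed file
        if not isinstance(cfg, dict):
            raise ValueError("daemon.json is not a JSON object")
        found.update(cfg.get("authorization-plugins") or [])
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        # The flag is repeatable and accepts "=value" or a separate value.
        if arg.startswith("--authorization-plugin="):
            found.add(arg.split("=", 1)[1])
        elif arg == "--authorization-plugin" and i + 1 < len(args):
            found.add(args[i + 1])
    return sorted(found)


def triage(inventory: dict) -> dict:
    """Map each host to 'authz:<plugins>', 'no-authz' or 'review'."""
    result = {}
    for host, (daemon_json, cmdline) in inventory.items():
        try:
            plugins = authz_plugins(daemon_json, cmdline)
        except ValueError:
            result[host] = "review"  # unreadable config: check by hand
            continue
        result[host] = "authz:" + ",".join(plugins) if plugins else "no-authz"
    return result


# Constructed inventory: host -> (daemon.json text, dockerd command line).
SAMPLE = {
    "build-01": ('{"authorization-plugins": ["example-authz"]}', "dockerd"),
    "build-02": ('{"log-driver": "json-file"}', "dockerd -H fd://"),
    "edge-01": ("", "dockerd --authorization-plugin=example-authz "
                    "--authorization-plugin other-authz"),
    "edge-02": ('{"authorization-plugins": [', "dockerd"),  # truncated file
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `authz:` are the ones to update first; `review` marks a configuration that could not be parsed and needs a manual look.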
Earlier this year, Docker addressed a set of vulnerabilities named Leaky Vessels, which could enable unauthorized access to the host file system beyond the container environment.
“With the increasing adoption of cloud services, containers have become a crucial component of cloud infrastructure,” stated experts from Palo Alto Networks Unit 42 in a report published last week. “Containers offer numerous benefits but are also susceptible to attacks.”
“Due