Moby Patches DNS Resolution Vulnerability in Docker Engine
CVE-2024-29018

7.5HIGH

Key Information:

Vendor: Moby
Status: Moby
Vendor: CVE Published:; 20 March 2024

Summary

A vulnerability in the Moby container framework allows DNS requests originating from internal networks to be inadvertently forwarded to external nameservers. This design flaw arises from how dockerd handles name resolution for containers that are solely on internal networks. As internal networks are typically isolated from external communication, containers lack access to upstream resolvers, which can lead to unintended DNS leaks. Attackers can exploit this behavior by manipulating DNS queries to exfiltrate sensitive information, using compromised containers to encode data within these queries. Updated versions of Moby have been released to mitigate this issue, emphasizing the importance of patching and configuring containers securely.

Affected Version(s)

moby >= 26.0.0-rc1, < 26.0.0-rc3 < 26.0.0-rc1, 26.0.0-rc3

moby >= 25.0.0, < 25.0.5 < 25.0.0, 25.0.5

moby < 23.0.11 < 23.0.11

References

https://github.com/moby/moby/security/advisories/GHSA-mq3...

x_refsource_CONFIRM

https://github.com/moby/moby/pull/46609

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Mar 14, 2024