Security Vulnerability in Docker Engine Could Bypass Authorization Plugins
CVE-2024-41110

10CRITICAL

Key Information:

Vendor
Moby
Status
Moby
Vendor
CVE Published:
24 July 2024

Badges

🥇 Trended No. 1📈 Trended📈 Score: 7,670👾 Exploit Exists📰 News Worthy

What is CVE-2024-41110?

CVE-2024-41110 is a security vulnerability found in certain versions of Docker Engine, a popular open-source platform for developing, shipping, and running applications in containers. This vulnerability allows attackers to bypass authorization plugins, which are intended to enforce access control within the Docker environment. If exploited, this flaw could lead to unauthorized access and potentially escalate privileges within affected systems, posing a serious risk to organizations that rely on these authorization mechanisms for security.

Technical Details

The issue arises from the way the Docker Engine API processes requests and responses in conjunction with authorization plugins. An attacker can craft a specific API request that causes the Engine to forward it to an authorization plugin without including the necessary request body. In scenarios where the authorization plugin evaluates access decisions based solely on the metadata of the request (without the body), the missed context may lead to the acceptance of what should otherwise be a denied request. This regression stems from an earlier vulnerability discovered in 2018 that had previously been patched but was not carried forward to later major versions of Docker Engine.

Impact of the Vulnerability

  1. Unauthorized Access: The most immediate risk is that attackers could gain unauthorized access to Docker services and resources, performing operations that would normally be restricted.

  2. Privilege Escalation: Exploitation of this vulnerability may allow an attacker not only to access restricted resources but also to escalate their privileges within the Docker environment, leading to potential control over containers and associated data.

  3. Regulatory and Compliance Risks: Organizations relying on Docker for their applications may face compliance issues if exposed to unauthorized access incidents, affecting their overall security posture and leading to potential legal repercussions or loss of customer trust.

Affected Version(s)

moby >= 19.03.0, <= 19.03.15 <= 19.03.0, 19.03.15

moby >= 20.0.0, <= 20.10.27 <= 20.0.0, 20.10.27

moby >= 23.0.0, <= 23.0.14 <= 23.0.0, 23.0.14

News Articles

favicon imageGBHackers News

Multiple Flaws in Dell PowerProtect Allow System Compromise

Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities.

favicon imageThe Register

Critical Docker vuln lays undetected for 5 years

Docker is warning users to rev their Docker Engine into patch mode after it realized a near-maximum severity vulnerability had been sticking around for five years. Now tracked as CVE-2024-41110, the privilege...

favicon imageHelp Net Security

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) - Help Net Security

A Docker Engine flaw (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins via specially crafted API request.

References

https://github.com/moby/moby/security/advisories/GHSA-v23...
x_refsource_CONFIRM
https://github.com/moby/moby/commit/411e817ddf710ff8e08fa...
x_refsource_MISC
https://github.com/moby/moby/commit/42f40b1d6dd7562342f83...
x_refsource_MISC

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

.