Carding Forum
The maximum CVSS score indicates an increased risk for enterprise systems.
Docker has warned of a critical vulnerability in some versions of Docker Engine that allows attackers to bypass authorization plugins (AuthZ). The vulnerability, tracked as CVE-2024-41110, has the maximum CVSS score of 10.0.
According to a statement from the developers of the Moby project: "An attacker can use traversal using an API request with Content-Length set to 0, which will result in sending a request without a body to the AuthZ plugin, which may incorrectly approve the request."
Notably, according to Docker, the problem is very old and has long been known. It was discovered back in 2018 and fixed in Docker Engine v18.09.1, released in January 2019. However, for some reason, the fix was not carried forward to subsequent versions of Docker (19.03 and later).
After the problem was rediscovered in April of this year, the corresponding patches (23.0.14 and 27.1.0) were released in July to fix this vulnerability. The following versions of Docker remain vulnerable to CVE-2024-41110:
- <= v19.03.15;
- <= v20.10.27;
- <= v23.0.14;
- <= v24.0.9;
- <= v25.0.5;
- <= v26.0.2;
- <= v26.1.4;
- <= v27.0.3;
- <= v27.1.0.
Docker representatives stated that users of Docker Engine v19.03.x and later versions that do not depend on authorization plugins for making access control decisions, as well as users of all versions of Mirantis Container Runtime, are not affected by the identified vulnerability.
It is worth noting that the vulnerability also affects Docker Desktop up to version 4.32.0, although the probability of exploitation is limited and requires access to the Docker API, which implies local access to the host. The fix will be included in a future release (version 4.33).
"The default configuration of Docker Desktop does not include AuthZ plugins," Docker representatives noted. "Privilege escalation is limited to the Docker Desktop VM, not the base host."
Although Docker does not mention any exploitation of CVE-2024-41110 in real-world attacks, users are strongly encouraged to update their installations to the latest version to prevent potential threats.
Earlier this year, Docker patched a set of vulnerabilities called Leaky Vessels that allowed attackers to gain unauthorized access to the host file system and escape the container.
"With the growing popularity of cloud services, the use of containers, which have become an integral part of the cloud infrastructure, is also increasing," said experts from Palo Alto Networks Unit 42 in a report published last week. "While containers offer many advantages, they are also vulnerable to attacks."
"By using a shared core and often not having complete isolation from host user mode, containers are susceptible to various techniques that attackers use to exit the container environment," the researchers explained.
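To triage an inventory against the affected-version list and the AuthZ condition above, the following added example (not part of the original post or of Docker's advisory) classifies a host from its engine version and its `daemon.json`. It assumes plugins are declared under the `authorization-plugins` key; the host names and the plugin name `example-authz` are constructed.

```python
import json
import re

# Upper bounds per release line, copied from the affected-version list in this post.
AFFECTED_MAX = {
    (19, 3): 15, (20, 10): 27, (23, 0): 14, (24, 0): 9, (25, 0): 5,
    (26, 0): 2, (26, 1): 4, (27, 0): 3, (27, 1): 0,
}

def parse_version(text):
    """Return (major, minor, patch) from strings like 'v24.0.7' or '20.10.27+dfsg1'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Docker Engine version: {text!r}")
    return tuple(int(p) for p in m.groups())

def authz_plugins(daemon_json_text):
    """List the AuthZ plugins named in a daemon.json document (may be empty)."""
    if not daemon_json_text.strip():
        return []
    return list(json.loads(daemon_json_text).get("authorization-plugins") or [])

def assess(version_text, daemon_json_text="{}"):
    """Classify one host as 'affected', 'listed-no-authz' or 'not-listed'."""
    major, minor, patch = parse_version(version_text)
    bound = AFFECTED_MAX.get((major, minor))
    if bound is None or patch > bound:
        return "not-listed"
    # The post says engines that do not rely on AuthZ plugins are not affected.
    return "affected" if authz_plugins(daemon_json_text) else "listed-no-authz"

if __name__ == "__main__":
    # Constructed inventory: (host label, engine version, daemon.json contents).
    inventory = [
        ("build-01", "24.0.7", '{"authorization-plugins": ["example-authz"]}'),
        ("build-02", "v27.1.0", "{}"),
        ("edge-01", "27.1.1", '{"authorization-plugins": ["example-authz"]}'),
    ]
    for host, version, cfg in inventory:
        print(f"{host:10} {version:10} {assess(version, cfg)}")
```

Plugins passed to `dockerd` with the `--authorization-plugin` flag do not appear in `daemon.json`, so a `listed-no-authz` result should be confirmed against the daemon's command line before the host is deprioritised.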